Military-Grade Encryption
Toate datele voice sunt encrypted în transit și at rest folosind algoritmi de criptare de nivel enterprise.
Encryption Layers
🌐
Transport Layer (In Transit)
TLS 1.3
API & signaling
SRTP (AES-256)
Voice media
💾
Storage Layer (At Rest)
AES-256-GCM
Recordings & transcripts
Envelope Encryption
Per-file DEK + KEK
🔑
Key Management
AWS KMS / GCP KMS
Hardware-backed keys
BYOK Support
Bring Your Own Key
SRTP Voice Encryption
// SRTP Profile SRTP-AES128-CM-HMAC-SHA1-80 (most common) SRTP-AES256-CM-HMAC-SHA1-80 (higher security) SRTP-AEAD-AES-256-GCM (recommended) // Key Exchange DTLS-SRTP (WebRTC) SDES (SIP) ZRTP (optional)
Encryption
AES in Counter Mode encrypts RTP payload
Authentication
HMAC-SHA1 validates packet integrity
Encryption Standards
| Data Type | Algorithm | Key Size | Standard |
|---|---|---|---|
| Voice Media | AES-GCM | 256-bit | SRTP RFC 3711 |
| SIP Signaling | TLS 1.3 | 256-bit | RFC 8446 |
| Recordings | AES-256-GCM | 256-bit | NIST SP 800-38D |
| Database | AES-256 | 256-bit | TDE |
| API Keys | PBKDF2-SHA256 | 256-bit | RFC 8018 |
Key Management Architecture
MK
Master Key
HSM-protected, never exported
KEK
Key Encryption Key
Per-tenant, rotated annually
DEK
Data Encryption Key
Per-file, unique for each recording