http://www.pbxinaflash.com/community/index.php?threads/how-to-add-secure-rtp-to-asterisk-1-8.8881/
http://www.voip-info.org/wiki/view/Asterisk+SRTP
http://www.remiphilippe.fr/2011/01/16/asterisk-srtp-with-1-8/
It turns out that it's quite straightforward to add sRTP functionality to Asterisk 1.8 (purple for us PIAF users). You just need to compile and install libsrtp, and then re-configure and re-compile Asterisk. Here's a short howto.
1) Download libsrtp source. There are a couple of spots out there to get it, but I found this link that already has everything set up for CentOS.
f-t-p://f-t-p.owlriver.com/pub/local/ORC/srtp/srtp-1.4.4-1orc.src.rpm
2) Install the source package.
rpm -ivv srtp-1.4.4-1orc.src.rpm
It will complain about not having a particular user on your system, but that's not a big deal.
3) cd to /usr/src/redhat/SOURCES and extract the tarball.
tar xvf srtp-1.4.4.tgz
4) cd to /usr/src/redhat/SOURCES/srtp and build libsrtp.
cd srtp
./configure
make
make install
5) cd to /usr/src/asterisk and reconfigure.
cd /usr/src/asterisk
./configure
Note - I didn't use any extra configure flags. Not sure if the official PIAF build does or not. If there should be some, somebody will let me know, I'm guessing. My build seems to work fine without any.
6) Make sure that res_srtp is enabled in the menuconfig.
make menuconfig
Go to the resources section and check that res_srtp has a * by it.
7) Build Asterisk.
amportal stop
make
make install
amportal start
8) Rebuild Flite.
amportal stop
cd /usr/src/asterisk-flite
make
make install
amportal start
That's all - you should now have sRTP support.
I've got a Polycom 601 phone that supports sRTP. To get that working, I added the following lines to my local-sip.cfg for provisioning the phone:
sec.srtp.enable="1"
sec.srtp.leg.enable="1"
sec.srtp.offer="1"
sec.srtp.leg.allowLocalConf="0"
According to the Polycom documentation, this set of commands should enable sRTP for registrations that support it. If you try to register to an older version of Asterisk without sRTP support, the phone quietly ignores these settings. You can see that the encryption is enabled by the padlock on the display when making a call.
Several other brands of IP phones support sRTP, and there are even a couple of soft-phones that support it.
Dave
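A way to confirm the result of the steps above beyond the phone's padlock icon, as an added example that is not part of the original post: the script checks that res_srtp shows up in the output of `asterisk -rx "module show like res_srtp"` and that a call's SDP actually negotiates encrypted media. It assumes sRTP keys are exchanged via SDES (`RTP/SAVP` plus an `a=crypto` line in the SDP); the function names and the sample inputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: post-build checks for the how-to above (not the poster's code).

# Succeeds if `asterisk -rx "module show like res_srtp"` output on stdin
# contains a row for res_srtp.so.
srtp_module_loaded() {
    awk '$1 == "res_srtp.so" { found = 1 } END { exit !found }'
}

# Reads an SDP body on stdin; prints one verdict per audio stream:
#   srtp      RTP/SAVP with at least one a=crypto line
#   no-crypto RTP/SAVP offered without key material
#   plain     RTP/AVP, media is not encrypted
sdp_audio_verdicts() {
    awk '
        function emit() {
            if (!in_audio) return
            if (proto == "RTP/AVP") print "plain"
            else if (proto != "RTP/SAVP") print "other:" proto
            else if (crypto > 0) print "srtp"
            else print "no-crypto"
        }
        { sub(/\r$/, "") }            # SIP bodies use CRLF line endings
        /^m=/ { emit(); in_audio = 0 }
        /^m=audio / { in_audio = 1; proto = $3; crypto = 0 }
        in_audio && /^a=crypto:/ { crypto++ }
        END { emit() }
    '
}

# Constructed sample inputs (assumed formats, not captured from a real system).
sample_module_output() {
cat <<'EOF'
Module                         Description                              Use Count
res_srtp.so                    Secure RTP (SRTP)                        0
1 modules loaded
EOF
}
sample_sdp() {
cat <<'EOF'
v=0
o=- 1 1 IN IP4 192.0.2.10
s=call
c=IN IP4 192.0.2.10
t=0 0
m=audio 10000 RTP/SAVP 0 101
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-PLACEHOLDER
EOF
}

sample_module_output | srtp_module_loaded && echo "res_srtp: loaded"
echo "audio: $(sample_sdp | sdp_audio_verdicts)"
```

On a live system, pipe the real module listing into `srtp_module_loaded` and feed `sdp_audio_verdicts` the SDP body from a SIP trace of a test call; a `plain` or `no-crypto` verdict means the media is not being encrypted even though the build succeeded.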