SharpSRTP 0.2.0

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. .NET Standard 2.0 This package targets .NET Standard 2.0. The package is compatible with this framework or higher. .NET Framework 4.8.1 This package targets .NET Framework 4.8.1. The package is compatible with this framework or higher. 
dotnet add package SharpSRTP --version 0.2.0
                    


                    

                
NuGet\Install-Package SharpSRTP -Version 0.2.0
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="SharpSRTP" Version="0.2.0" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="SharpSRTP" Version="0.2.0" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="SharpSRTP" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add SharpSRTP --version 0.2.0
                    


                    

                
#r "nuget: SharpSRTP, 0.2.0"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package SharpSRTP@0.2.0
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=SharpSRTP&version=0.2.0
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=SharpSRTP&version=0.2.0
                    


                            Install as a Cake Tool

SharpSRTP

DTLS, DTLS-SRTP and SRTP/SRTCP client and server written in C#.

NuGet version

Implements the following RFCs:

  1. The Secure Real-time Transport Protocol (SRTP) RFC3711
  2. Session Description Protocol (SDP) Security Descriptions for Media Streams RFC4568
  3. The SEED Cipher Algorithm and Its Use with the Secure Real-Time Transport Protocol (SRTP) RFC5669
  4. Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP) RFC5764
  5. The Use of AES-192 and AES-256 in Secure RTP RFC6188
  6. Encryption of Header Extensions in the Secure Real-time Transport Protocol (SRTP) RFC6904
  7. AES-GCM Authenticated Encryption in the Secure Real-time Transport Protocol (SRTP) RFC7714
  8. The ARIA Algorithm and Its Use with the Secure Real-Time Transport Protocol (SRTP) RFC8269
  9. Double Encryption Procedures for the Secure Real-Time Transport Protocol (SRTP) RFC8723

SRTP Crypto Suites

Currently implemented SRTP Crypto Suites are:

  1. AES_CM_128_HMAC_SHA1_80 RFC4568
  2. AES_CM_128_HMAC_SHA1_32 RFC4568
  3. F8_128_HMAC_SHA1_80 RFC4568
  4. SEED_CTR_128_HMAC_SHA1_80 RFC5669
  5. SEED_128_CCM_80 RFC5669
  6. SEED_128_GCM_96 RFC5669
  7. AES_192_CM_HMAC_SHA1_80 RFC6188
  8. AES_192_CM_HMAC_SHA1_32 RFC6188
  9. AES_256_CM_HMAC_SHA1_80 RFC6188
  10. AES_256_CM_HMAC_SHA1_32 RFC6188
  11. AEAD_AES_128_GCM RFC7714
  12. AEAD_AES_256_GCM RFC7714

DTLS-SRTP Protection Profiles

Currently implemented DTLS-SRTP protection profiles are:

  1. SRTP_AES128_CM_HMAC_SHA1_80 RFC5764
  2. SRTP_AES128_CM_HMAC_SHA1_32 RFC5764
  3. SRTP_NULL_HMAC_SHA1_80 RFC5764
  4. SRTP_NULL_HMAC_SHA1_32 RFC5764
  5. SRTP_AEAD_AES_128_GCM RFC7714
  6. SRTP_AEAD_AES_256_GCM RFC7714
  7. DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM RFC8723
  8. DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM RFC8723
  9. SRTP_ARIA_128_CTR_HMAC_SHA1_80 RFC8269
  10. SRTP_ARIA_128_CTR_HMAC_SHA1_32 RFC8269
  11. SRTP_ARIA_256_CTR_HMAC_SHA1_80 RFC8269
  12. SRTP_ARIA_256_CTR_HMAC_SHA1_32 RFC8269
  13. SRTP_AEAD_ARIA_128_GCM RFC8269
  14. SRTP_AEAD_ARIA_256_GCM RFC8269

Thread Safety

SharpSRTP is not thread-safe. If multiple threads need to access the same SRTP context, proper synchronization mechanisms must be implemented by the user.

DTLS

The current DTLS implementation is based upon BouncyCastle and supports DTLS 1.2 only.

DTLS Server

Start with generating the TLS certificate. Self-signed RSA SHA256 certificate can be generated as follows:

bool isRSA = true;
var rsaCertificate = DtlsCertificateUtils.GenerateCertificate("DTLS", DateTime.UtcNow.AddDays(-1), DateTime.UtcNow.AddDays(30), isRSA);

Create the DTLS server and subscribe the OnHandshakeCompleted event to get notified when a client connects:

DtlsServer server = new DtlsServer(rsaCertificate.Certificate, rsaCertificate.PrivateKey, SignatureAlgorithm.rsa, HashAlgorithm.sha256);
server.OnHandshakeCompleted += (sender, e) =>
{
    ...
};

Create the DTLS transport. Here we will use UDP on localhost, port 8888:

UdpDatagramTransport udpServerTransport = new UdpDatagramTransport("127.0.0.1:8888", null);

Wait for the client and perform DTLS handshake:

bool isShutdown = false;
while(!isShutdown)
{
    DtlsTransport dtlsTransport = server.DoHandshake(
        out string error,
        udpServerTransport, 
        () =>
        {
            return udpServerTransport.RemoteEndPoint.ToString();
        },
        (remoteEndpoint) =>
        {
            return new UdpDatagramTransport(null, remoteEndpoint);
        });
        
        var session = Task.Run(() =>
        {
            ...
        });
}

Receive data from the client:

byte[] buffer = new byte[dtlsTransport.GetReceiveLimit()];
int receivedLength = dtlsTransport.Receive(buffer, 0, buffer.Length, 100);

Send data to the client:

dtlsTransport.Send(buffer, 0, buffer.Length);

To modify the offered crypto suites for the DTLS handshake, simply override GetSupportedCipherSuites and return a different set of crypto suites. To support a different version of DTLS, override GetSupportedVersions and return a different version. Note that as of January 2026, BouncyCastle still does not support DTLS 1.3.

DTLS Client

Start with creating the TLS certificate. Certificate type of the client must match the certificate type on the server, meaning if the server uses RSA certificate, the client has to use RSA certificate as well:

var rsaCertificate = DtlsCertificateUtils.GenerateCertificate("DTLS", DateTime.UtcNow.AddDays(-1), DateTime.UtcNow.AddDays(30), true);

Create the DTLS client:

DtlsClient client = new DtlsClient(null, rsaCertificate.certificate, rsaCertificate.key, SignatureAlgorithm.rsa, HashAlgorithm.sha256);

Optionally, you can let the client auto-generate the matching certificate:

DtlsClient client = new DtlsClient();

Subscribe for OnHandshakeCompleted:

client.OnHandshakeCompleted += (sender, e) =>
{
    ...
};

Create the DTLS transport. Here we will use UDP on localhost, port 8888:

UdpDatagramTransport udpServerTransport = new UdpDatagramTransport(null, "127.0.0.1:8888");

Connect the client:

DtlsTransport dtlsTransport = client.DoHandshake(out string error, udpClientTransport);

Receive data to the server:

dtlsTransport.Send(buffer, 0, buffer.Length);

Receive data from the server:

byte[] buffer = new byte[dtlsTransport.GetReceiveLimit()];
int receivedLength = dtlsTransport.Receive(buffer, 0, buffer.Length, 100);

Close the transport:

dtlsTransport.Close();

SRTP

SRTP implementation is designed to take RTP/RTCP and convert it to SRTP/SRTCP while maintaining the SRTP context. RTP/RTSP server and clients are out of the scope of this library, but for a fully working example based upon SharpRTSP please refer to the examples.

Server

Generate a random SRTP master key for AES_CM_128_HMAC_SHA1_80 on the server:

string cryptoSuite = SrtpCryptoSuites.AES_CM_128_HMAC_SHA1_80;
byte[] MKI = null;
SrtpKeys keys = SrtpProtocol.CreateMasterKeys(cryptoSuite, MKI);

Obtain the generated master key + master salt to send it to the client:

byte[] masterKeySalt = keys.MasterKeySalt;

Create a new SRTP context using those keys:

SrtpSessionContext context = SrtpProtocol.CreateSrtpSessionContext(keys);

Client

Create a new SRTP context using existing keys from the server:

string cryptoSuite = SrtpCryptoSuites.AES_CM_128_HMAC_SHA1_80;
byte[] masterKeySalt = ...
byte[] MKI = null;
SrtpKeys keys = SrtpProtocol.CreateMasterKeys(cryptoSuite, MKI, masterKeySalt);
SrtpSessionContext context = SrtpProtocol.CreateSrtpSessionContext(keys);

RTP

To encrypt RTP and create SRTP:

byte[] rtp = ...
byte[] rtpBuffer = new byte[context.CalculateRequiredSrtpPayloadLength(rtp.Length)];
Buffer.BlockCopy(rtp, 0, rtpBuffer, 0, rtp.Length);
context.ProtectRtp(rtpBuffer, rtp.Length, out int length);
byte[] srtp = rtpBuffer.Take(length).ToArray();

To decrypt SRTP and create RTP:

byte[] srtp = ...
context.UnprotectRtp(srtp, srtp.Length, out int length);
byte[] rtp = srtp.Take(length).ToArray();

RTCP

To encrypt RTCP and create SRTCP:

byte[] rtcp = ...
byte[] rtcpBuffer = new byte[context.CalculateRequiredSrtcpPayloadLength(rtcp.Length)];
Buffer.BlockCopy(rtcp, 0, rtcpBuffer, 0, rtcp.Length];
context.ProtectRtcp(rtcpBuffer, rtcp.Length, out int length);
byte[] srtcp = rtcpBuffer.Take(length).ToArray();

To decrypt SRTCP and create RTCP:

byte[] srtcp = ...
context.UnprotectRtcp(srtcp, srtcp.Length, out int length);
byte[] rtcp = srtcp.Take(length).ToArray();

Samples

SRTP samples can be found in the SharpRealtimeStreaming repo.

DTLS-SRTP

DTLS-SRTP uses a modified DTLS client/server with the "use_srtp" extension to negotiate the SRTP encryption parameters and derive the corresponding SRTP keys.

Server

First generate the TLS certificate, this time it will be ECDsa:

bool isRSA = false;
var ecdsaCertificate = DtlsCertificateUtils.GenerateCertificate("WebRTC", DateTime.UtcNow.AddDays(-1), DateTime.UtcNow.AddDays(30), isRSA);

Create the DTLS-SRTP server:

var server = new DtlsSrtpServer(ecdsaCertificate.Certificate, ecdsaCertificate.PrivateKey, SignatureAlgorithm.ecdsa, HashAlgorithm.sha256);

Subscribe for OnSessionStarted:

server.OnSessionStarted += (sender, e) =>
{
    var context = e.Context;
    var clientTransport = e.ClientDatagramTransport;
    ...
};

Create the DTLS transport. Here we will use UDP on localhost, port 8888:

UdpDatagramTransport udpServerTransport = new UdpDatagramTransport("127.0.0.1:8888", null);

Wait for the client and perform DTLS handshake:

bool isShutdown = false;
while(!isShutdown)
{
    DtlsTransport dtlsTransport = server.DoHandshake(
        out string error,
        udpServerTransport, 
        () =>
        {
            return udpServerTransport.RemoteEndPoint.ToString();
        },
        (remoteEndpoint) =>
        {
            return new UdpDatagramTransport(null, remoteEndpoint);
        });
}

After the OnSessionStarted event is executed, you can use the Context to protect/unprotect data and clientTransport to send/receive SRTP.

Client

Generate the TLS certificate, this time it will be ECDsa:

bool isRSA = false;
var ecdsaCertificate = DtlsCertificateUtils.GenerateCertificate("WebRTC", DateTime.UtcNow.AddDays(-1), DateTime.UtcNow.AddDays(30), isRSA);

Create the DTLS-SRTP client:

var client = new DtlsSrtpClient(ecdsaCertificate.Certificate, ecdsaCertificate.PrivateKey, SignatureAlgorithm.ecdsa, HashAlgorithm.sha256)

Subscribe for OnSessionStarted:

client.OnSessionStarted += (sender, e) =>
{
    var context = e.Context;
    var clientTransport = e.ClientDatagramTransport;
    ...
};

Create the DTLS transport. Here we will use UDP on localhost, port 8888:

UdpDatagramTransport udpServerTransport = new UdpDatagramTransport(null, "127.0.0.1:8888");

Connect the client:

DtlsTransport dtlsTransport = client.DoHandshake(out string error, udpClientTransport);

After the OnSessionStarted event is executed, you can use the Context to protect/unprotect data and clientTransport to send/receive SRTP.

Product Compatible and additional computed target framework versions.
.NET net5.0 was computed.  net5.0-windows was computed.  net6.0 was computed.  net6.0-android was computed.  net6.0-ios was computed.  net6.0-maccatalyst was computed.  net6.0-macos was computed.  net6.0-tvos was computed.  net6.0-windows was computed.  net7.0 was computed.  net7.0-android was computed.  net7.0-ios was computed.  net7.0-maccatalyst was computed.  net7.0-macos was computed.  net7.0-tvos was computed.  net7.0-windows was computed.  net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 is compatible.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
.NET Core netcoreapp2.0 was computed.  netcoreapp2.1 was computed.  netcoreapp2.2 was computed.  netcoreapp3.0 was computed.  netcoreapp3.1 was computed. 
.NET Standard netstandard2.0 is compatible.  netstandard2.1 was computed. 
.NET Framework net461 was computed.  net462 was computed.  net463 was computed.  net47 was computed.  net471 was computed.  net472 was computed.  net48 was computed.  net481 is compatible. 
MonoAndroid monoandroid was computed. 
MonoMac monomac was computed. 
MonoTouch monotouch was computed. 
Tizen tizen40 was computed.  tizen60 was computed. 
Xamarin.iOS xamarinios was computed. 
Xamarin.Mac xamarinmac was computed. 
Xamarin.TVOS xamarintvos was computed. 
Xamarin.WatchOS xamarinwatchos was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

NuGet packages (2)

Showing the top 2 NuGet packages that depend on SharpSRTP:

Package Downloads
SharpRTSPServer

Simple RTSP/RTSPS client and server. Supports H264, H265, H266, AV1 and AAC.
SharpRTSPClient

Simple RTSP/RTSPS client and server. Supports H264, H265, H266, AV1 and AAC.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
0.2.0 39 1/10/2026
0.1.0 39 1/10/2026
0.0.1 176 1/4/2026