Call Encryption
Overview
We value your privacy, so we introduced an OpenPGP public key encryption of recorded calls. If you do not have an OpenPGP public / private key pair, you can generate them using a 3rd party software which you can find freely on Internet (see notes on the bottom of the page).
Setting Up Call Encryption
Login as administrator on CallReplay Cloud Server and go to 'Storage' / 'Recording Encryption'.
Click the 'Upload' button and select your OpenPGP public key file. If successful, you will see some of the details of the public key certificate. For the purpose of call encryption, the certificate does not need to be signed.
Upon the next connection of your mobile phones to your tenant, the certificate will be sent to all of them and all subsequent calls will be encrypted using this certificate.
You can change the certificate any time you want, and only subsequent calls will be encrypted with the new certificate, the older ones will remain as they were (unencrypted or encrypted with older certificates).
Notes:
1.Uploading only the public key gives you a great deal of privacy: in
case of mobile phone theft, the calls could not be listened. The
drawback is that neither you can listen to your calls on the mobile
phone.
2.In case you've wondered if someone could listen to your calls
uploaded to CallReplay Cloud Server, this way you can be sure nobody
could. The drawback is the same: neither you can listen to your calls
online.
The only way to listen to your encrypted calls is to download them to a computer, decrypt them with your PGP capable software of your choice. The software will ask you for the private key, will decrypt your files and you can listen to them using your favorite WAV/3GPP player.
Quick setup for call encryption
You can also generate an OpenPGP private/public key pair using 'Generate' button from the same page. After entering a name and a password, you will be prompted to save the private key to your computer.
The generated public key will be sent to your mobile phones and calls will be encrypted using it. However, the private key will not be kept on our server for security reasons, so you should take proper care of the saved key. If you lose it, your calls cannot be decrypted.
Mobile phone encryption configuration
For the encryption to work, after you generated or uploaded a public key on CallReplay Cloud Server, you need to connect your mobile to the server. Make sure you have Internet connection then either go to 'Status' page and click 'Upload Now'.
Then go to the 'Settings' page, 'Upload Server' section and you should see the new info on 'Encryption Certificate' item.
Note: in case you have used multiple certificates over time, for each encrypted call you will see the certificate details on the call details page; this way you can identify the private key required to decrypt the recorded call.
Notes
The encrypted file conforms with OpenPGP standard (RFC 4880). The encryption is done using AES 256.
The generated certificate is a 1024-bit RSA key OpenPGP.
If you do not have an OpenPGP certificate and prefer creating one yourself, you can use GPG4Win, which is a 3rd party OpenPGP compliant free software for Windows: http://www.gpg4win.org.