We are getting a lot of questions from our users about technical specifications on the encryption algorithms that we use. As Jitsi is often integrated by our users as the preferred conferencing solution, the questions also extend into Jitsi, especially when used in security-sensitive environments.
I was wondering if you could point me to this information or if there is something like a technical white paper including this information. Thanks!
Questions in particular:
how encryption is done,
which ciphers are used,
which hashes are used,
implementations against (e.g. man in the middle) attacks
Now, with all of the above, in P2P calls end-to-end encryption is achieved. Jitsi Meet uses a P2P mode when there are just 2 participants in a call.
So what happens when there are more than 2 participants? Then the media gets routed through a server, our very own Jitsi Videobridge. Then encryption is done hop-by-hop. That is, media is decrypted by the bridge and encrypted again when sending it out. This is necessary to do advanced video routing because some of the video frame information (such as if a frame is a keyframe, temporal layer index, etc) is only available inside the payload.
There are ongoing efforts to provide a per-frame encryption hook so applications can encrypt media end-to-end, but those are not available yet.
Hope that helps, if you need further information, feel free to ask!
All communication between the clients and the server is encrypted: signalling (messages and so on) goes over HTTPS, and the media is encrypted by WebRTC (google for webrtc encryption).
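Added example, not part of the thread and not Jitsi's own code: one way to answer "which ciphers and hashes are used" for a live call is to read what the browser actually negotiated from `RTCPeerConnection.getStats()`. The field names are those of the standard WebRTC statistics API, the function name is hypothetical, and the sample report is constructed so the block runs offline.

```javascript
// Summarise the negotiated encryption parameters per transport from a
// WebRTC stats report (the map-like object returned by pc.getStats()).
// Browsers may omit some fields; missing values are reported as "unknown".
function summarizeTransportSecurity(report) {
  const byId = new Map();
  report.forEach((stat) => byId.set(stat.id, stat));

  const summary = [];
  for (const stat of byId.values()) {
    if (stat.type !== "transport") continue;
    // Certificate stats are separate entries, linked from the transport by id.
    const local = byId.get(stat.localCertificateId) || {};
    const remote = byId.get(stat.remoteCertificateId) || {};
    summary.push({
      dtlsState: stat.dtlsState || "unknown",
      tlsVersion: stat.tlsVersion || "unknown", // hex, e.g. "FEFD" is DTLS 1.2
      dtlsCipher: stat.dtlsCipher || "unknown",
      srtpCipher: stat.srtpCipher || "unknown",
      localFingerprintAlgorithm: local.fingerprintAlgorithm || "unknown",
      remoteFingerprintAlgorithm: remote.fingerprintAlgorithm || "unknown",
      // With more than 2 participants the remote end of this transport is the
      // bridge, so these values describe the client-to-bridge hop only.
      remoteFingerprint: remote.fingerprint || null,
      mediaProtected: stat.dtlsState === "connected" && Boolean(stat.srtpCipher),
    });
  }
  return summary;
}

// Constructed sample report; values are illustrative, not captured from a call.
const sampleReport = new Map([
  ["T01", { id: "T01", type: "transport", dtlsState: "connected",
            tlsVersion: "FEFD",
            dtlsCipher: "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
            srtpCipher: "AES_CM_128_HMAC_SHA1_80",
            localCertificateId: "CF-local", remoteCertificateId: "CF-remote" }],
  ["CF-local", { id: "CF-local", type: "certificate",
                 fingerprintAlgorithm: "sha-256",
                 fingerprint: "CONSTRUCTED:00:11:22" }],
  ["CF-remote", { id: "CF-remote", type: "certificate",
                  fingerprintAlgorithm: "sha-256",
                  fingerprint: "CONSTRUCTED:AA:BB:CC" }],
]);

// In a browser: summarizeTransportSecurity(await pc.getStats())
console.log(summarizeTransportSecurity(sampleReport));
```

Comparing `remoteFingerprint` with the `a=fingerprint` line of the remote session description received over signalling shows which certificate the media channel is bound to.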