ZRTP, an extension of RTP, applies Diffie-Hellman (DH) key agreement to existing SRTP packets by providing key-management services during the setup process of a VoIP call between two endpoints. It stays far away from the session layer, such as SIP and H.323, and focuses solely on SRTP. ZRTP creates a shared secret that is used to generate keys and a salt for SRTP sessions. One of the nice things about the protocol is that it does not require prior shared secrets or a Public Key Infrastructure (PKI) to be in place.

ZRTP is similar to PGP (Pretty Good Privacy) as it tries to ensure that man-in-the-middle attacks do not occur between two endpoints. In order to solve these issues, it uses a Short Authentication String (SAS), which is ...