Zfone is software for secure voice communication over the Internet (VoIP), using the ZRTP protocol. It is created by Phil Zimmermann, the creator of the PGP encryption software. Zfone works on top of existing SIP- and RTP-programs, but should work with any SIP- and RTP-compliant VoIP-program.
Zfone turns many existing VoIP clients into secure phones. It runs in the Internet Protocol stack on any Windows XP, Mac OS X, or Linux PC, and intercepts and filters all the VoIP packets as they go in and out of the machine, and secures the call on the fly. A variety of different software VoIP clients can be used to make a VoIP call. The Zfone software detects when the call starts, and initiates a cryptographic key agreement between the two parties, and then proceeds to encrypt and decrypt the voice packets on the fly. It has its own separate GUI, telling the user if the call is secure. Zfone describes itself to end-users as a "bump on the wire" between the VoIP client and the Internet, which acts upon the protocol stack.
Zfone's libZRTP SDK libraries are released under either the Affero General Public License (AGPL) or a commercial license. Note that only the libZRTP SDK libraries are provided under the AGPL. The parts of Zfone that are not part of the libZRTP SDK libraries are not licensed under the AGPL or any other open source license. Although the source code of those components is published for peer review, they remain proprietary. The Zfone proprietary license also contains a time bomb provision.
It appears that Zfone development has stagnated, however, as the most recent version was released on 22 Mar 2009. In addition, since 29 Jan 2011, it has not been possible to download Zfone from the developer's website since the download server has gone offline.
Platforms and specification
- Availability - Mac OS X, Linux, and Windows as compiled programs as well as an SDK.
- Encryption standards - Based on ZRTP, which uses 128- or 256-bit AES together with a 3072-bit key exchange system and voice based verification to prevent man-in-the-middle attacks.
- ZRTP Protocol - Published as an IETF RFC 6189: "ZRTP: Media Path Key Agreement for Unicast Secure RTP"
- VoIP Clients - Zfone has been tested with the following VoIP clients: X-Lite, Gizmo5, XMeeting, Google Talk VoIP client, and SJphone.
Other encrypted voice-over-IP programs:
- Zfone home page
- Phil Zimmermann official website
- CNET News: E-mail security hero takes on VoIP
- 'Wired.com' article April 03 2006