I see in the managers manual that the latest version of vicidial has the optional GPG audio recording encryption, but what I can't find (did a search through the manual and online) is how do you setup / enable the recording encryption?
thanks
DF
GPG Audio recording setup
Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N
3 posts
• Page 1 of 1
GPG Audio recording setup
by dragn-fire » Thu Sep 28, 2017 1:15 pm
- dragn-fire
- Posts: 6
- Joined: Mon Aug 11, 2014 1:53 pm
Re: GPG Audio recording setup
by mflorell » Thu Sep 28, 2017 2:46 pm
A couple years ago we added a PGP encryption utility into the Vicidial codebase(AST_CRON_audio_2_encrypt.pl). We wrote this for a client who was already using PGP heavily in their organization, so we haven't really gone too in-depth into explaining the process yet. You need to have the public PGP keys you want to use imported into GPG on all dialers in the cluster, and it gets run in the crontab after the compress step-2 audio processing script. The comments from the script is included at the end of this post.
Basically, every person that wants to access the encrypted recordings has to have the PGP application installed on their workstations. They also have to have the PGP private keys for any files they wish to decrypt loaded onto their workstations. They also need to know the passphrase for those private PGP keys in order to decrypt each PGP-encrypted file.
How it works from the VICIdial side is:
- At end of call, recording is compressed(usually MP3) as it normally is
- Encrypt script goes through the compressed recordings encrypting them with the defined PGP public keys
- FTP script sends encrypted recordings(with ".pgp" file extension) to archive server
- Users click on recording links in admin web page to download recordings
- PGP application on user workstation opens up, they are prompted for PGP key passphrase
- recording plays in audio player on workstation
# AST_CRON_audio_2_encrypt.pl
#
# This is a STEP-2 program in the audio archival process(should happen AFTER any compression)
#
# runs every 3 minutes and encrypts the recording files to GPG format by default
#
# put an entry into the cron of of your asterisk machine to run this script
# every 3 minutes or however often you desire
#
# You MUST define the type of audio file that this process will pull from: WAV, GSM, MP3, OGG, GSW
#
# ### recording mixing/compressing/encrypting/ftping scripts
##0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_mix.pl
# 0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_VDonly.pl
# 1,4,7,10,13,16,19,22,25,28,31,34,37,40,43,46,49,52,55,58 * * * * /usr/share/astguiclient/AST_CRON_audio_2_compress.pl --GSM
# 2,5,8,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59 * * * * /usr/share/astguiclient/AST_CRON_audio_2_encrypt.pl --GPG --GSM --recipients=gpg@vicidial.com
# 0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_3_ftp.pl --GPG
#
# FLAGS FOR ENCRYPTION OPTIONS
# --GPG = GnuPG encryption(assumes recipient public keys are loaded on server)
#
Basically, every person that wants to access the encrypted recordings has to have the PGP application installed on their workstations. They also have to have the PGP private keys for any files they wish to decrypt loaded onto their workstations. They also need to know the passphrase for those private PGP keys in order to decrypt each PGP-encrypted file.
How it works from the VICIdial side is:
- At end of call, recording is compressed(usually MP3) as it normally is
- Encrypt script goes through the compressed recordings encrypting them with the defined PGP public keys
- FTP script sends encrypted recordings(with ".pgp" file extension) to archive server
- Users click on recording links in admin web page to download recordings
- PGP application on user workstation opens up, they are prompted for PGP key passphrase
- recording plays in audio player on workstation
# AST_CRON_audio_2_encrypt.pl
#
# This is a STEP-2 program in the audio archival process(should happen AFTER any compression)
#
# runs every 3 minutes and encrypts the recording files to GPG format by default
#
# put an entry into the cron of of your asterisk machine to run this script
# every 3 minutes or however often you desire
#
# You MUST define the type of audio file that this process will pull from: WAV, GSM, MP3, OGG, GSW
#
# ### recording mixing/compressing/encrypting/ftping scripts
##0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_mix.pl
# 0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_1_move_VDonly.pl
# 1,4,7,10,13,16,19,22,25,28,31,34,37,40,43,46,49,52,55,58 * * * * /usr/share/astguiclient/AST_CRON_audio_2_compress.pl --GSM
# 2,5,8,11,14,17,20,23,26,29,32,35,38,41,44,47,50,53,56,59 * * * * /usr/share/astguiclient/AST_CRON_audio_2_encrypt.pl --GPG --GSM --recipients=gpg@vicidial.com
# 0,3,6,9,12,15,18,21,24,27,30,33,36,39,42,45,48,51,54,57 * * * * /usr/share/astguiclient/AST_CRON_audio_3_ftp.pl --GPG
#
# FLAGS FOR ENCRYPTION OPTIONS
# --GPG = GnuPG encryption(assumes recipient public keys are loaded on server)
#
- mflorell
- Site Admin
- Posts: 18386
- Joined: Wed Jun 07, 2006 2:45 pm
- Location: Florida
Re: GPG Audio recording setup
by eyeofefil » Tue Apr 17, 2018 2:53 pm
I was able to test this on my end, my problem now is where are the encrypted files dumped? I hope somebody can answer me for I have been dealing with this for a week
Update: after analyzing the .pl file, I was able to understand where it went
/var/spool/asterisk/monitorDONE/GPG
Thanks and Regards!
Update: after analyzing the .pl file, I was able to understand where it went
/var/spool/asterisk/monitorDONE/GPG
Thanks and Regards!
- eyeofefil
- Posts: 21
- Joined: Thu Feb 15, 2018 2:45 pm
3 posts
• Page 1 of 1
Who is online
Users browsing this forum: Google [Bot] and 126 guests