Zfone is software for encrypting VoIP calls.


In March 2006, Phil Zimmermann presented to the public the beta version of newly developed software called Zfone for encrypting VoIP calls. So far, the program has been published for Linux and Mac OS and, on 21 May 2006, for Windows XP. As with his earlier program PGP, he has also made the source code of the Zfone preview version available.

Development of Zfone currently appears to be stagnating: the current version (0.92 build 218 beta) was released on March 22, 2009. Moreover, since 29 January 2011 it has not been possible to download Zfone from the developer's website, because the download server is no longer online.


The software works as a transparent proxy server, which allows users to continue using their preferred VoIP software and hardware. Integration of Zfone technology into individual devices and routers by the respective hardware manufacturers is planned and is already offered in the Vigor2820 router series from DrayTek. Other manufacturers will follow.

The associated protocol, ZRTP ("Z" stands for the inventor Phil Zimmermann, "RTP" for Real-time Transport Protocol), was developed specifically for this purpose by Zimmermann in collaboration with Alan Johnston and Jon Callas and uses Diffie-Hellman for key exchange. The encryption method used is AES-128 (optionally also AES-256). ZRTP is an extension of the existing RTP protocol. In the Windows versions, Zfone installs an additional network driver named zrtp.sys, which acts as a packet filter, identifies traffic on UDP port 5060 and then attempts to establish an encrypted connection via the ZRTP protocol. Zimmermann has already submitted the ZRTP specification to the IETF for standardization. The VoIP session is initiated by SIP. The normal unencrypted RTP protocol is then used to negotiate a shared secret with ZRTP, and this secret is used to encrypt the SRTP (Secure RTP) connection that is to be established.

Zimmermann deliberately decided against a PKI-based method, since in his opinion it has several disadvantages. He fears, for example, that government agencies could successfully put pressure on the relevant server operators to incorporate backdoors or duplicate keys. Assessing the actual trustworthiness of the various PKI authorities is also problematic for the user. In addition, each user would have to remember a cryptographically secure password permanently. A key obtained at a later date could also be used retrospectively to decrypt all communications recorded with it. Finally, operating a PKI infrastructure is very costly and maintenance-intensive.

However, the Diffie-Hellman method that Zimmermann selected also has disadvantages. By its design it is vulnerable to a man-in-the-middle attack. Zimmermann has therefore incorporated some countermeasures intended to reliably prevent such an attack from succeeding. For example, for their own safety the callers should read a four-digit code (nonce) to each other during one of their first calls together, whereby a compromised connection can be uniquely identified. This is also important for the security of subsequent calls. In addition, prior personal agreement on a shared password is possible, for example. On subsequent calls between the same endpoints, a procedure already known from SSH, called Baby Duck, uses a cache of shared secrets to prevent man-in-the-middle attacks. The integrity of the connection is ensured with the help of key caches generated and stored during previous calls. An attacker would therefore have to have successfully attacked all previous calls without exception in order to be able to decrypt the current call. The session keys needed to decrypt each call are, naturally, deleted immediately after the call ends. Later decryption of the communication by gaining access to the hardware used by one of the correspondents is therefore excluded.
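The short-code comparison and the shared-secret cache described above can be shown in a few lines. This is an added sketch, not Zfone's code and not the ZRTP key derivation: the toy Diffie-Hellman parameters, the HMAC/SHA-256 derivations and all function names are assumptions chosen for the demonstration.

```python
import hashlib, hmac, secrets

P, G = 2**255 - 19, 2        # toy DH parameters for the demo, not a ZRTP group
NO_CACHE = bytes(32)         # assumed placeholder when no earlier call exists

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh(priv, peer_pub):
    return pow(peer_pub, priv, P).to_bytes(32, "big")

def session_key(dh_result, cache):
    # Key continuity: the secret retained from earlier calls is mixed in.
    return hmac.new(cache, dh_result, hashlib.sha256).digest()

def retained(key):
    # Secret stored for the next call; the session key itself is discarded.
    return hashlib.sha256(b"retained" + key).digest()

def sas(key):
    # Four-digit code both callers read aloud and compare.
    digest = hashlib.sha256(b"sas" + key).digest()
    return f"{int.from_bytes(digest[:4], 'big') % 10000:04d}"

def call(cache_a, cache_b, attacker_cache=None):
    """Return (key_alice, key_bob, key_attacker). attacker_cache=None means
    no man in the middle; otherwise the attacker swaps in its own DH value."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    if attacker_cache is None:
        return (session_key(dh(a_priv, b_pub), cache_a),
                session_key(dh(b_priv, a_pub), cache_b), None)
    m_priv, m_pub = keypair()
    return (session_key(dh(a_priv, m_pub), cache_a),
            session_key(dh(b_priv, m_pub), cache_b),
            session_key(dh(m_priv, a_pub), attacker_cache))

if __name__ == "__main__":
    ka, kb, _ = call(NO_CACHE, NO_CACHE)
    print("clean first call, SAS:", sas(ka), sas(kb))
    xa, xb, xm = call(NO_CACHE, NO_CACHE, NO_CACHE)
    print("intercepted first call, SAS:", sas(xa), sas(xb))
    ya, _, ym = call(retained(ka), retained(kb), NO_CACHE)
    print("later call, attacker holds Alice's key:", ym == ya)
```

On an intercepted first call the two endpoints derive different keys, so the spoken codes disagree except for a 1-in-10,000 collision. On a later call the cached secret keeps an interceptor who missed the earlier call from deriving either endpoint's key.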

License model

While the Zfone software is still in the public beta stage, Zimmermann has filed software patent claims on substantial parts of the ZRTP protocol, although he rejects software patents. Zimmermann fears, among other things, the secret storage of session keys and any recording of calls by VoIP phone systems implemented in hardware or software. By his own account, Zimmermann wants to use the patent to force licensees to refrain from installing such a back door for third parties. If a provider builds in an eavesdropping capability, the license agreement requires it to transmit a disclosure flag and thus make its eavesdropper-friendliness public.

The ZRTP license is free, but lapses if the conditions listed above are violated. Providers who secretly violate the license conditions would thus automatically infringe the ZRTP patent rights, because they would no longer hold a valid license. The exact license model for the beta and the final version is still largely unknown.


One criticism sometimes made of the acoustic authentication is that, in a conversation between two strangers, the other party's voice is not known. The attacker could therefore just as well read the respective key hash to each of the two callers. Zimmermann's response is that it is not absolutely necessary to recognize the voice of the other party. It is sufficient to establish that the other party's voice remains the same during the rest of the conversation.

However, it would be conceivable to use a voice imitator or voice synthesis for this during the voice authentication. Given the currently known state of the art, the effort could well be worthwhile in individual cases. Such an attack can be prevented by using a pre-shared key (PSK) at least once. This pre-shared key could be agreed, for example, in a personal meeting or by means of a PGP key that has already been verified through the Web of Trust.