I have the following setup: mediasoup PlainTransport with srtpParameters (AES_CM_128_HMAC_SHA1_80 profile) sends SRTP packets to golang app with pion/srtp lib on board. keyBase64 are equal as well as encryption profile on both sides.
Decryption fails with message: failed to verify auth tag.
I found the code where pion/srtp compares expected authTag (the length of 10 from the tail of encrypted packet) with actual one.
I would be grateful if someone could tell me how to debug encryption on mediasoup side? Where is the code in worker that generates authTag?
The PlainTransport actually uses two keys, one for sending and one for receiving. Given your error, it’s likely that you are using the wrong key.
For receiving into a PlainTransport, the key is generated externally and set in the transport.connect({ srtpParameters }) call.
For sending from a PlainTransport, the key is generated internally by mediasoup when enableSrtp is set, and retrieved with the transport.srtpParameters attribute.
Thank you @jbaudanza
I’ve just found out that srtpLocalKey is randomly generated and was about to ask here how can I get it from the Worker. I was happy to see your answer before my question. Such a great community!