pylibsrtp

1.0.0 · active · verified Sat Apr 11

pylibsrtp is a Python wrapper around the native libsrtp library, enabling Python applications to encrypt and decrypt Secure Real-time Transport Protocol (SRTP) packets. SRTP, as defined by RFC 3711, provides essential confidentiality, message authentication, and replay protection for RTP streams. The library is currently at version 1.0.0, released on October 13, 2025, and maintains a periodic release schedule to incorporate updates and fixes.

Warnings

breaking The underlying libsrtp library, which pylibsrtp wraps, introduced breaking changes in versions 2.x, specifically concerning initialization vectors for AES 256 ICM and AES GCM ciphers when used with OpenSSL for RTCP. Ensure your libsrtp version is compatible with your usage patterns to avoid unexpected decryption failures or security issues.
Fix: Review the libsrtp changelog for compatibility notes. Upgrade all endpoints to a consistent and recent version of libsrtp (2.0 or newer) to ensure interoperability and correct cipher behavior, especially for RTCP with AES 256 ICM or AES GCM.
gotcha pylibsrtp requires the native libsrtp library (version 2.0 or better) to be installed on your system. `pip install pylibsrtp` only installs the Python bindings; it does not install the underlying C library. Failure to install libsrtp beforehand will result in build errors during pip installation or runtime errors due to missing shared libraries.
Fix: Before installing pylibsrtp, install libsrtp 2.0 or higher using your system's package manager (e.g., `apt install libsrtp2-dev` on Debian/Ubuntu, `dnf install libsrtp-devel` on Fedora/CentOS, `brew install srtp` on macOS).
gotcha When building pylibsrtp on macOS after installing `srtp` via Homebrew, you might need to set specific environment variables for the build process to correctly link against the installed libsrtp and OpenSSL libraries.
Fix: Set `CFLAGS` and `LDFLAGS` environment variables before installation: `export CFLAGS="-I$(brew --prefix openssl)/include -I$(brew --prefix srtp)/include"` and `export LDFLAGS="-L$(brew --prefix openssl)/lib -L$(brew --prefix srtp)/lib"`. Then proceed with `pip install pylibsrtp`.

Install

pip install pylibsrtp Install stable version

Imports

Policy
```
from pylibsrtp import Policy
```
Session
```
from pylibsrtp import Session
```
Error
```
from pylibsrtp import Error
```

Quickstart

This quickstart demonstrates how to initialize SRTP policies and sessions for both protecting (encrypting) and unprotecting (decrypting) an RTP packet using a shared master key. It then verifies that the unprotected packet matches the original.

from pylibsrtp import Policy, Session

key = (b'\x00' * 30)
rtp_packet = b'\x80\x08\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00' + (b'\xd4' * 160)

# Create an outbound policy and session for protection
tx_policy = Policy(key=key, ssrc_type=Policy.SSRC_ANY_OUTBOUND)
tx_session = Session(policy=tx_policy)
srtp_packet = tx_session.protect(rtp_packet)

# Create an inbound policy and session for unprotection
rx_policy = Policy(key=key, ssrc_type=Policy.SSRC_ANY_INBOUND)
rx_session = Session(policy=rx_policy)
unprotected_rtp_packet = rx_session.unprotect(srtp_packet)

# Verify roundtrip
assert unprotected_rtp_packet == rtp_packet
print("SRTP protection and unprotection successful!")

view raw JSON →