Overview
The Mixer Service in the Voice Recording Solution (VRS) application is designed to combine the separate audio streams of an agent and customer into a single WAV file. To enhance security, the mixed WAV file is encrypted before storage. This ensures that files downloaded directly from the server remain secure and unplayable without proper decryption.
A separate Decryption Service API is available to decrypt the files on request. This API provides the decrypted file and its associated metadata, enabling playback only through authorized access via the VRS front end.
Workflow
1. Recording Mixing
The Mixer Service processes recordings from the Agent and Customer streams.
The two streams are combined into a single WAV file.
2. File Encryption
Once the WAV file is generated, it is encrypted using a hardcoded key in the service code.
The encrypted file is stored securely on the server.
Files downloaded directly from the server remain encrypted and unplayable without decryption.
3. Decryption and Playback
A backend API handles requests to decrypt the file.
The API decrypts the file using the same hardcoded key and provides:
The decrypted WAV file.
File metadata (e.g., recording duration, agent/customer IDs, timestamp).
Decrypted files are only accessible via the VRS front end, ensuring controlled playback.
Environment Configuration
Key Hard-coding
Key Location: The encryption and decryption key is currently hard-coded in the service code.
Note: Hard-coding is a temporary solution. For production environments, a secure key management system (e.g., AWS Secrets Manager, Vault) should be implemented.
Testing Process
Prerequisites
Ensure the VRS application and Mixer Service are properly deployed.
Verify that the SIP trunk is configured for call recordings.
Confirm that the Decryption Service API is accessible and functional.
Test Steps
Step 1: Make a Call
Use Cisco Finesse to initiate and receive a test call.
Ensure the call is recorded via the SIP trunk.
Step 2: Download the File Directly
Access the server where recordings are stored.
Locate and download the encrypted WAV file associated with the test call from the directory /usr/share/freeswitch/cucmRecording/sessions.
Attempt to play the downloaded file:
Expected Result: The file should not be playable, as it is encrypted.
Step 3: Playback via VRS Front End
Log in to the VRS front end.
Locate the test call recording in the application interface.
Attempt to play the recording:
Expected Result: The file should be decrypted on-the-fly by the Decryption Service API and play correctly.
Step 4: Verify Metadata
Check the metadata returned by the API.
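Added example, not part of the VRS code base: a Python check that automates the Step 2 expectation by classifying each stored recording as a playable WAV (RIFF/WAVE header present) or as likely ciphertext (high byte entropy). The function names, the 7.5 bits/byte threshold and the sample tone are assumptions constructed for illustration; the page does not state which cipher the Mixer Service uses.

```python
import io
import math
import os
import struct
import wave
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: near 8.0 for ciphertext, lower for PCM audio."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def classify_recording(blob: bytes, min_entropy: float = 7.5) -> str:
    """Return 'plaintext-wav', 'looks-encrypted' or 'unknown'."""
    # A playable WAV starts with 'RIFF' <4-byte size> 'WAVE'.
    if len(blob) >= 12 and blob[:4] == b"RIFF" and blob[8:12] == b"WAVE":
        return "plaintext-wav"
    # Threshold is an assumption; tune it against real recordings.
    if shannon_entropy(blob) >= min_entropy:
        return "looks-encrypted"
    return "unknown"


def audit_directory(path: str) -> dict:
    """Classify every regular file directly under path."""
    results = {}
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if os.path.isfile(full):
            with open(full, "rb") as fh:
                results[name] = classify_recording(fh.read())
    return results


def make_sample_wav(rate: int = 8000, n: int = 4000) -> bytes:
    """Constructed sample: mono 16-bit 440 Hz tone standing in for a mixed call."""
    buf = io.BytesIO()
    with wave.open(buf, "wb") as w:
        w.setnchannels(1)
        w.setsampwidth(2)
        w.setframerate(rate)
        tone = [int(12000 * math.sin(2 * math.pi * 440 * i / rate)) for i in range(n)]
        w.writeframes(struct.pack("<%dh" % n, *tone))
    return buf.getvalue()
```

Running audit_directory against the sessions directory and finding any file reported as plaintext-wav means the encryption step was skipped for that recording; "unknown" results (for example, empty or truncated files) need manual inspection.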
Known Limitations
Hardcoded Key:
Security risk: The encryption key is hardcoded in the service code.
Recommendation: Transition to a secure key management solution.
Direct File Access:
Encrypted files can be downloaded directly but are unplayable.
Recommendation: Restrict direct access to sensitive storage directories.
Technical Documentation
Below is the technical documentation for encryption and decryption.