The Mixer Service in the Voice Recording Solution (VRS) application is designed to combine the separate audio streams of an agent and customer into a single WAV file. To enhance security, the mixed WAV file is encrypted before storage. This ensures that files downloaded directly from the server remain secure and unplayable without proper decryption.
A separate Decryption Service API is available to decrypt the files on request. This API provides the decrypted file and its associated metadata, enabling playback only through authorized access via the VRS front end.
The Mixer Service processes recordings from the Agent and Customer streams.
The two streams are combined into a single WAV file.
Once the WAV file is generated, it is encrypted using a hardcoded key in the service code.
The encrypted file is stored securely on the server.
Files downloaded directly from the server remain encrypted and unplayable without decryption.
A backend API handles requests to decrypt the file.
The API decrypts the file using the same hardcoded key and provides:
The decrypted WAV file.
File metadata (e.g., recording duration, agent/customer IDs, timestamp).
Decrypted files are only accessible via the VRS front end, ensuring controlled playback.
Key Location: The encryption and decryption key is currently hard-coded in the service code.
Note: Hard-coding is a temporary solution. For production environments, a secure key management system (e.g., AWS Secrets Manager, Vault) should be implemented.
Ensure the VRS application and Mixer Service are properly deployed.
Verify that the SIP trunk is configured for call recordings.
Confirm that the Decryption Service API is accessible and functional.
Use Cisco Finesse to initiate and receive a test call.
Ensure the call is recorded via the SIP trunk.
Access the server where recordings are stored.
Locate and download the encrypted WAV file associated with the test call from the directory /usr/share/freeswitch/cucmRecording/sessions.
Attempt to play the downloaded file:
Expected Result: The file should not be playable, as it is encrypted.
Log in to the VRS front end.
Locate the test call recording in the application interface.
Attempt to play the recording:
Expected Result: The file should be decrypted on-the-fly by the Decryption Service API and play correctly.
Check the metadata returned by the API.
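A scripted version of the direct-download check in the steps above, as an added example that is not part of the VRS code base: it flags files under the sessions directory that still carry a RIFF/WAVE header or have low byte entropy. It assumes the Mixer Service encrypts the whole file, header included; the function names, sample size, and 7.5 bits/byte threshold are illustrative choices.

```python
import math
import os
from collections import Counter

# Directory taken from the steps above; pass another path to scan() elsewhere.
SESSIONS_DIR = "/usr/share/freeswitch/cucmRecording/sessions"
SAMPLE_BYTES = 65536   # bytes inspected per file (assumed value)
MIN_ENTROPY = 7.5      # bits per byte expected of ciphertext (assumed threshold)


def is_plain_wav(head: bytes) -> bool:
    """True when the bytes start with a RIFF/WAVE container header."""
    return len(head) >= 12 and head[0:4] == b"RIFF" and head[8:12] == b"WAVE"


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def classify(path: str) -> str:
    """Return 'plaintext-wav', 'low-entropy' or 'opaque' for one file."""
    with open(path, "rb") as fh:
        head = fh.read(SAMPLE_BYTES)
    if is_plain_wav(head):
        return "plaintext-wav"
    # Very small files score low even when encrypted; review them by hand.
    if entropy(head) < MIN_ENTROPY:
        return "low-entropy"
    return "opaque"


def scan(directory: str = SESSIONS_DIR) -> dict:
    """Map each file under `directory` that is not 'opaque' to its verdict."""
    findings = {}
    for root, _dirs, files in os.walk(directory):
        for name in sorted(files):
            path = os.path.join(root, name)
            verdict = classify(path)
            if verdict != "opaque":
                findings[path] = verdict
    return findings


if __name__ == "__main__":
    for path, verdict in scan().items():
        print(f"{verdict}\t{path}")
```

An empty result means every file in the directory looked like ciphertext; any `plaintext-wav` entry is a recording that reached storage unencrypted.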
Hardcoded Key:
Security risk: The encryption key is hardcoded in the service code, so anyone who can read the code or the deployed service can decrypt the stored recordings.
Recommendation: Transition to a secure key management solution.
Direct File Access:
Encrypted files can be downloaded directly but are unplayable.
Recommendation: Restrict direct access to sensitive storage directories.
Changes in Deployment:
For call encryption and decryption, there is no change in the overall deployment of the Mixer and API components, since the changes are in the code.
Technical Documentation
Below is the technical Documentation for Encryption/Decryption