The RFC does have information on encryption on how to do encryption. I would like to see this implemented.
IAX supports call encryption using the symmetric key, Rijndael [AES]
block cipher (also called AES -- Advanced Encryption Standard).
Rijndael is a 128-bit block cipher utilizing a shared secret. IAX
encrypts on a call-by-call basis starting with a plaintext NEW
message indicating, in addition to the other message parameters, that
the call should be encrypted. This indication is given by sending
the ENCRYPTION IE (Section 8.6.34) in the NEW request message. If
the called host supports encryption, it will respond with a plaintext
AUTHREQ message that also includes the ENCRYPTION IE. All subsequent
messages in the call MUST be encrypted. If the called host does not
support encryption, the AUTHREQ sent in response to the NEW must not
include the ENCRYPTION IE and the calling host MUST either HANGUP the
request or continue with the unencrypted call.
The key to use in encrypting the messages is computed by taking the
CHALLENGE IE Section 8.6.14 from the AUTHREQ and concatenating any
one of the shared passwords then computing the 128-bit MD5 digest of
this combination. To decrypt, if there is more than one password for
the peer, each must be tried until the message is successfully
decoded. The key remains constant for the duration of the call.
Only the data portion of the messages are encoded."