I am trying to setup secure calls with H.323 endpoints. I am currently testing with polcom PVX. I can negotiate a shared secret using diffie-hellman and the first 8 bytes of the shared secret match the PVX's check code. But how to derive the media encryption keys from the shared secret ?

From H.235.6 I understand that the shared secret must be used to decrypt encryptedSessionKey, but the decryption is failing?

Thanks, Jad