diff --git a/conf/janus.plugin.streaming.jcfg.sample.in b/conf/janus.plugin.streaming.jcfg.sample.in
index 1fb4751774..7eb058bea5 100644
--- a/conf/janus.plugin.streaming.jcfg.sample.in
+++ b/conf/janus.plugin.streaming.jcfg.sample.in
@@ -65,6 +65,15 @@
 # srtpsuite = 32
 # srtpcrypto = WbTBosdVUZqEb6Htqhn+m3z7wUh4RJVR8nE15GbN
 #
+# The Streaming plugin can also be used to (re)stream media that has been
+# encrypted using something that can be consumed via Insertable Streams.
+# In that case, we only need to be aware of it, so that we can send the
+# info along with the SDP. How to decrypt the media is out of scope, and
+# up to the application since, again, this is end-to-end encryption and
+# so neither Janus nor the Streaming plugin have access to anything.
+# DO NOT SET THIS PROPERTY IF YOU DON'T KNOW WHAT YOU'RE DOING!
+# e2ee = true
+#
 # The following options are only valid for the 'rstp' type:
 # url = RTSP stream URL (only for restreaming RTSP)
 # rtsp_user = RTSP authorization username (only if type=rtsp)
diff --git a/conf/janus.plugin.videoroom.jcfg.sample b/conf/janus.plugin.videoroom.jcfg.sample
index c0e6ee764f..e91c3ce867 100644
--- a/conf/janus.plugin.videoroom.jcfg.sample
+++ b/conf/janus.plugin.videoroom.jcfg.sample
@@ -39,6 +39,8 @@
 #               new feeds (publishers), and enabling this may result extra notification
 #               traffic. This flag is particularly useful when enabled with require_pvtid
 #               for admin to manage listening only participants. default=false)
+# require_e2ee = true|false (whether all participants are required to publish and subscribe
+#             using end-to-end media encryption, e.g., via Insertable Streams; default=false)
 #}
 
 general: {
diff --git a/html/demos.html b/html/demos.html
index 40a5d5f679..63763a3e07 100644
--- a/html/demos.html
+++ b/html/demos.html
@@ -94,6 +94,10 @@ <h1>Janus WebRTC Server: Demo Tests</h1>
 					<td><a href="devicetest.html">Device Selection</a></td>
 					<td>A variant of the Echo Test demo, that allows you to choose a specific capture device.</td>
 				</tr>
+				<tr>
+					<td><a href="e2etest.html">End-to-end Encryption</a></td>
+					<td>A variant of the Echo Test demo, that allows you to encrypt the video in a way that Janus can't access it, but can still route it.</td>
+				</tr>
 				<tr>
 					<td><a href="multiopus.html">Multichannel Opus (surround)</a></td>
 					<td>A variant of the Echo Test demo, that shows multichannel/surround Opus support.</td>
diff --git a/html/devicetest.html b/html/devicetest.html
index 9fae73a81d..945a88074d 100644
--- a/html/devicetest.html
+++ b/html/devicetest.html
@@ -4,7 +4,7 @@
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
 <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-<title>Janus WebRTC Server: Echo Test</title>
+<title>Janus WebRTC Server: Device Selection Test</title>
 <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/6.4.0/adapter.min.js" ></script>
 <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js" ></script>
 <script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery.blockUI/2.70/jquery.blockUI.min.js" ></script>
diff --git a/html/e2etest.html b/html/e2etest.html
new file mode 100644
index 0000000000..47dbb2b20b
--- /dev/null
+++ b/html/e2etest.html
@@ -0,0 +1,128 @@
+<!DOCTYPE html>
+<html xmlns="http://www.w3.org/1999/xhtml">
+<head>
+<meta charset="utf-8">
+<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+<title>Janus WebRTC Server: End-to-end Encryption Test</title>
+<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/webrtc-adapter/6.4.0/adapter.min.js" ></script>
+<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery/1.9.1/jquery.min.js" ></script>
+<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/jquery.blockUI/2.70/jquery.blockUI.min.js" ></script>
+<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.4.1/js/bootstrap.min.js"></script>
+<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/bootbox.js/5.4.0/bootbox.min.js"></script>
+<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/spin.js/2.3.2/spin.min.js"></script>
+<script type="text/javascript" src="https://cdnjs.cloudflare.com/ajax/libs/toastr.js/2.1.4/toastr.min.js"></script>
+<script type="text/javascript" src="janus.js" ></script>
+<script type="text/javascript" src="e2etest.js"></script>
+<script>
+	$(function() {
+		$(".navbar-static-top").load("navbar.html", function() {
+			$(".navbar-static-top li.dropdown").addClass("active");
+			$(".navbar-static-top a[href='e2etest.html']").parent().addClass("active");
+		});
+		$(".footer").load("footer.html");
+	});
+</script>
+<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/bootswatch/3.4.0/cerulean/bootstrap.min.css" type="text/css"/>
+<link rel="stylesheet" href="css/demo.css" type="text/css"/>
+<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/4.7.0/css/font-awesome.min.css" type="text/css"/>
+<link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/toastr.js/2.1.4/toastr.min.css"/>
+</head>
+<body>
+
+<a href="https://github.com/meetecho/janus-gateway"><img style="position: absolute; top: 0; left: 0; border: 0; z-index: 1001;" src="https://s3.amazonaws.com/github/ribbons/forkme_left_darkblue_121621.png" alt="Fork me on GitHub"></a>
+
+<nav class="navbar navbar-default navbar-static-top">
+</nav>
+
+<div class="container">
+	<div class="row">
+		<div class="col-md-12">
+			<div class="page-header">
+				<h1>Plugin Demo: End-to-end Encryption
+					<button class="btn btn-default" autocomplete="off" id="start">Start</button>
+				</h1>
+			</div>
+			<div class="container" id="details">
+				<div class="row">
+					<div class="col-md-12">
+						<h3>Demo details</h3>
+						<p>This is a variant of the Echo Test demo: everything is exactly
+						the same in term of available controls, features, and the like, with
+						the substantial difference that it shows how you can configure an
+						end-to-end encryption context using the recently introduced
+						<a target="_blank" href="https://www.chromestatus.com/feature/6321945865879552">Insertable Streams</a>.</p>
+						<p>Specifically, this demo will prompt for a secret, and then use the same transform functions as
+						<a target="_blank" href="https://webrtc.github.io/samples/src/content/peerconnection/endtoend-encryption/">this official demo</a>
+						to encrypt the media: this means Janus will NOT have access to the media, but
+						will still be able to pass the packets to the EchoTest plugin and send them
+						back, thus ensuring an end-to-end encryption of the content. In this context,
+						the same page that encrypted the media will also decrypt it, which means
+						that if you see both local and remote video, then it's working as expected.
+						You'll probably want to then experiment with this feature by playing with
+						other plugins as well, e.g., the VideoRoom, for E2E-encrypted conferences.</p>
+						<p>Notice that at the time of writing, only video can be end-to-end encrypted,
+						and not audio. More importantly, at the moment this will only work if you're
+						using a recent of Chrome version that has been started either with the following flag:</p>
+						<p><div class="alert alert-info"><code>--enable-experimental-web-platform-features --force-fieldtrials=WebRTC-GenericDescriptorAdvertised/Enabled/</code></div></p>
+						<p>Press the <code>Start</code> button above to launch the demo.</p>
+					</div>
+				</div>
+			</div>
+			<div class="container hide" id="videos">
+				<div class="row">
+					<div class="col-md-6">
+						<div class="panel panel-default">
+							<div class="panel-heading">
+								<h3 class="panel-title">Local Stream
+									<div class="btn-group btn-group-xs pull-right hide">
+										<button class="btn btn-danger" autocomplete="off" id="toggleaudio">Disable audio</button>
+										<button class="btn btn-danger" autocomplete="off" id="togglevideo">Disable video</button>
+										<div class="btn-group btn-group-xs">
+											<button id="bitrateset" autocomplete="off" class="btn btn-primary dropdown-toggle" data-toggle="dropdown">
+												Bandwidth<span class="caret"></span>
+											</button>
+											<ul id="bitrate" class="dropdown-menu" role="menu">
+												<li><a href="#" id="0">No limit</a></li>
+												<li><a href="#" id="128">Cap to 128kbit</a></li>
+												<li><a href="#" id="256">Cap to 256kbit</a></li>
+												<li><a href="#" id="512">Cap to 512kbit</a></li>
+												<li><a href="#" id="1024">Cap to 1mbit</a></li>
+												<li><a href="#" id="1500">Cap to 1.5mbit</a></li>
+												<li><a href="#" id="2000">Cap to 2mbit</a></li>
+											</ul>
+										</div>
+									</div>
+								</h3>
+							</div>
+							<div class="panel-body" id="videoleft"></div>
+						</div>
+						<div class="input-group margin-bottom-sm">
+							<span class="input-group-addon"><i class="fa fa-cloud-upload fa-fw"></i></span>
+							<input class="form-control" type="text" placeholder="Write a DataChannel message" autocomplete="off" id="datasend" onkeypress="return checkEnter(event);" disabled></input>
+						</div>
+					</div>
+					<div class="col-md-6">
+						<div class="panel panel-default">
+							<div class="panel-heading">
+								<h3 class="panel-title">Remote Stream <span class="label label-primary hide" id="curres"></span> <span class="label label-info hide" id="curbitrate"></span></h3>
+							</div>
+							<div class="panel-body" id="videoright"></div>
+						</div>
+						<div class="input-group margin-bottom-sm">
+							<span class="input-group-addon"><i class="fa fa-cloud-download fa-fw"></i></span>
+							<input class="form-control" type="text" id="datarecv" disabled></input>
+						</div>
+					</div>
+				</div>
+			</div>
+		</div>
+	</div>
+
+	<hr>
+	<div class="footer">
+	</div>
+</div>
+
+</body>
+</html>
diff --git a/html/e2etest.js b/html/e2etest.js
new file mode 100644
index 0000000000..41ebb489c6
--- /dev/null
+++ b/html/e2etest.js
@@ -0,0 +1,652 @@
+// We make use of this 'server' variable to provide the address of the
+// REST Janus API. By default, in this example we assume that Janus is
+// co-located with the web server hosting the HTML pages but listening
+// on a different port (8088, the default for HTTP in Janus), which is
+// why we make use of the 'window.location.hostname' base address. Since
+// Janus can also do HTTPS, and considering we don't really want to make
+// use of HTTP for Janus if your demos are served on HTTPS, we also rely
+// on the 'window.location.protocol' prefix to build the variable, in
+// particular to also change the port used to contact Janus (8088 for
+// HTTP and 8089 for HTTPS, if enabled).
+// In case you place Janus behind an Apache frontend (as we did on the
+// online demos at http://janus.conf.meetecho.com) you can just use a
+// relative path for the variable, e.g.:
+//
+// 		var server = "/janus";
+//
+// which will take care of this on its own.
+//
+//
+// If you want to use the WebSockets frontend to Janus, instead, you'll
+// have to pass a different kind of address, e.g.:
+//
+// 		var server = "ws://" + window.location.hostname + ":8188";
+//
+// Of course this assumes that support for WebSockets has been built in
+// when compiling the server. WebSockets support has not been tested
+// as much as the REST API, so handle with care!
+//
+//
+// If you have multiple options available, and want to let the library
+// autodetect the best way to contact your server (or pool of servers),
+// you can also pass an array of servers, e.g., to provide alternative
+// means of access (e.g., try WebSockets first and, if that fails, fall
+// back to plain HTTP) or just have failover servers:
+//
+//		var server = [
+//			"ws://" + window.location.hostname + ":8188",
+//			"/janus"
+//		];
+//
+// This will tell the library to try connecting to each of the servers
+// in the presented order. The first working server will be used for
+// the whole session.
+//
+var server = null;
+if(window.location.protocol === 'http:')
+	server = "http://" + window.location.hostname + ":8088/janus";
+else
+	server = "https://" + window.location.hostname + ":8089/janus";
+
+var janus = null;
+var echotest = null;
+var opaqueId = "echotest-"+Janus.randomString(12);
+
+var bitrateTimer = null;
+var spinner = null;
+
+var audioenabled = false;
+var videoenabled = false;
+
+var doSimulcast = (getQueryStringValue("simulcast") === "yes" || getQueryStringValue("simulcast") === "true");
+var doSimulcast2 = (getQueryStringValue("simulcast2") === "yes" || getQueryStringValue("simulcast2") === "true");
+var acodec = (getQueryStringValue("acodec") !== "" ? getQueryStringValue("acodec") : null);
+var vcodec = (getQueryStringValue("vcodec") !== "" ? getQueryStringValue("vcodec") : null);
+var simulcastStarted = false;
+
+$(document).ready(function() {
+	// Initialize the library (all console debuggers enabled)
+	Janus.init({debug: "all", callback: function() {
+		// Use a button to start the demo
+		$('#start').one('click', function() {
+			$(this).attr('disabled', true).unbind('click');
+			// Make sure the browser supports WebRTC
+			if(!Janus.isWebrtcSupported()) {
+				bootbox.alert("No WebRTC support... ");
+				return;
+			}
+			// Make sure Insertable Streams are supported too
+			if(!RTCRtpSender.prototype.createEncodedAudioStreams ||
+					!RTCRtpSender.prototype.createEncodedVideoStreams) {
+				bootbox.alert("Insertable Streams not supported by this browser... ");
+				return;
+			}
+			// Create session
+			janus = new Janus(
+				{
+					server: server,
+					// No "iceServers" is provided, meaning janus.js will use a default STUN server
+					// Here are some examples of how an iceServers field may look like to support TURN
+					// 		iceServers: [{urls: "turn:yourturnserver.com:3478", username: "janususer", credential: "januspwd"}],
+					// 		iceServers: [{urls: "turn:yourturnserver.com:443?transport=tcp", username: "janususer", credential: "januspwd"}],
+					// 		iceServers: [{urls: "turns:yourturnserver.com:443?transport=tcp", username: "janususer", credential: "januspwd"}],
+					// Should the Janus API require authentication, you can specify either the API secret or user token here too
+					//		token: "mytoken",
+					//	or
+					//		apisecret: "serversecret",
+					success: function() {
+						// Attach to EchoTest plugin
+						janus.attach(
+							{
+								plugin: "janus.plugin.echotest",
+								opaqueId: opaqueId,
+								success: function(pluginHandle) {
+									$('#details').remove();
+									echotest = pluginHandle;
+									Janus.log("Plugin attached! (" + echotest.getPlugin() + ", id=" + echotest.getId() + ")");
+									$('#start').removeAttr('disabled').html("Stop")
+										.click(function() {
+											$(this).attr('disabled', true);
+											if(bitrateTimer)
+												clearInterval(bitrateTimer);
+											bitrateTimer = null;
+											janus.destroy();
+										});
+									// Before starting, we prompt for a secret
+									promptCryptoKey();
+								},
+								error: function(error) {
+									console.error("  -- Error attaching plugin...", error);
+									bootbox.alert("Error attaching plugin... " + error);
+								},
+								consentDialog: function(on) {
+									Janus.debug("Consent dialog should be " + (on ? "on" : "off") + " now");
+									if(on) {
+										// Darken screen and show hint
+										$.blockUI({
+											message: '<div><img src="up_arrow.png"/></div>',
+											css: {
+												border: 'none',
+												padding: '15px',
+												backgroundColor: 'transparent',
+												color: '#aaa',
+												top: '10px',
+												left: (navigator.mozGetUserMedia ? '-100px' : '300px')
+											} });
+									} else {
+										// Restore screen
+										$.unblockUI();
+									}
+								},
+								iceState: function(state) {
+									Janus.log("ICE state changed to " + state);
+								},
+								mediaState: function(medium, on) {
+									Janus.log("Janus " + (on ? "started" : "stopped") + " receiving our " + medium);
+								},
+								webrtcState: function(on) {
+									Janus.log("Janus says our WebRTC PeerConnection is " + (on ? "up" : "down") + " now");
+									$("#videoleft").parent().unblock();
+								},
+								slowLink: function(uplink, lost) {
+									Janus.warn("Janus reports problems " + (uplink ? "sending" : "receiving") +
+										" packets on this PeerConnection (" + lost + " lost packets)");
+								},
+								onmessage: function(msg, jsep) {
+									Janus.debug(" ::: Got a message :::", msg);
+									if(jsep !== undefined && jsep !== null) {
+										Janus.debug("Handling SDP as well...", jsep);
+										echotest.handleRemoteJsep({ jsep: jsep });
+									}
+									var result = msg["result"];
+									if(result) {
+										if(result === "done") {
+											// The plugin closed the echo test
+											bootbox.alert("The Echo Test is over");
+											if(spinner)
+												spinner.stop();
+											spinner = null;
+											$('#myvideo').remove();
+											$('#waitingvideo').remove();
+											$('#peervideo').remove();
+											$('#toggleaudio').attr('disabled', true);
+											$('#togglevideo').attr('disabled', true);
+											$('#bitrate').attr('disabled', true);
+											$('#curbitrate').hide();
+											$('#curres').hide();
+											return;
+										}
+										// Any loss?
+										var status = result["status"];
+										if(status === "slow_link") {
+											//~ var bitrate = result["bitrate"];
+											//~ toastr.warning("The bitrate has been cut to " + (bitrate/1000) + "kbps", "Packet loss?", {timeOut: 2000});
+											toastr.warning("Janus apparently missed many packets we sent, maybe we should reduce the bitrate", "Packet loss?", {timeOut: 2000});
+										}
+									}
+									// Is simulcast in place?
+									var substream = msg["substream"];
+									var temporal = msg["temporal"];
+									if((substream !== null && substream !== undefined) || (temporal !== null && temporal !== undefined)) {
+										if(!simulcastStarted) {
+											simulcastStarted = true;
+											addSimulcastButtons(msg["videocodec"] === "vp8" || msg["videocodec"] === "h264");
+										}
+										// We just received notice that there's been a switch, update the buttons
+										updateSimulcastButtons(substream, temporal);
+									}
+								},
+								onlocalstream: function(stream) {
+									Janus.debug(" ::: Got a local stream :::", stream);
+									if($('#myvideo').length === 0) {
+										$('#videos').removeClass('hide').show();
+										$('#videoleft').append('<video class="rounded centered" id="myvideo" width=320 height=240 autoplay playsinline muted="muted"/>');
+									}
+									Janus.attachMediaStream($('#myvideo').get(0), stream);
+									$("#myvideo").get(0).muted = "muted";
+									if(echotest.webrtcStuff.pc.iceConnectionState !== "completed" &&
+											echotest.webrtcStuff.pc.iceConnectionState !== "connected") {
+										$("#videoleft").parent().block({
+											message: '<b>Publishing...</b>',
+											css: {
+												border: 'none',
+												backgroundColor: 'transparent',
+												color: 'white'
+											}
+										});
+										// No remote video yet
+										$('#videoright').append('<video class="rounded centered" id="waitingvideo" width=320 height=240 />');
+										if(spinner == null) {
+											var target = document.getElementById('videoright');
+											spinner = new Spinner({top:100}).spin(target);
+										} else {
+											spinner.spin();
+										}
+									}
+									var videoTracks = stream.getVideoTracks();
+									if(!videoTracks || videoTracks.length === 0) {
+										// No webcam
+										$('#myvideo').hide();
+										if($('#videoleft .no-video-container').length === 0) {
+											$('#videoleft').append(
+												'<div class="no-video-container">' +
+													'<i class="fa fa-video-camera fa-5 no-video-icon"></i>' +
+													'<span class="no-video-text">No webcam available</span>' +
+												'</div>');
+										}
+									} else {
+										$('#videoleft .no-video-container').remove();
+										$('#myvideo').removeClass('hide').show();
+									}
+								},
+								onremotestream: function(stream) {
+									Janus.debug(" ::: Got a remote stream :::", stream);
+									var addButtons = false;
+									if($('#peervideo').length === 0) {
+										addButtons = true;
+										$('#videos').removeClass('hide').show();
+										$('#videoright').append('<video class="rounded centered hide" id="peervideo" width=320 height=240 autoplay playsinline/>');
+										// Show the video, hide the spinner and show the resolution when we get a playing event
+										$("#peervideo").bind("playing", function () {
+											$('#waitingvideo').remove();
+											if(this.videoWidth)
+												$('#peervideo').removeClass('hide').show();
+											if(spinner !== null && spinner !== undefined)
+												spinner.stop();
+											spinner = null;
+											var width = this.videoWidth;
+											var height = this.videoHeight;
+											$('#curres').removeClass('hide').text(width+'x'+height).show();
+										});
+									}
+									Janus.attachMediaStream($('#peervideo').get(0), stream);
+									var videoTracks = stream.getVideoTracks();
+									if(!videoTracks || videoTracks.length === 0) {
+										// No remote video
+										$('#peervideo').hide();
+										if($('#videoright .no-video-container').length === 0) {
+											$('#videoright').append(
+												'<div class="no-video-container">' +
+													'<i class="fa fa-video-camera fa-5 no-video-icon"></i>' +
+													'<span class="no-video-text">No remote video available</span>' +
+												'</div>');
+										}
+									} else {
+										$('#videoright .no-video-container').remove();
+										$('#peervideo').removeClass('hide').show();
+									}
+									if(!addButtons)
+										return;
+									// Enable audio/video buttons and bitrate limiter
+									audioenabled = true;
+									videoenabled = true;
+									$('#toggleaudio').click(
+										function() {
+											audioenabled = !audioenabled;
+											if(audioenabled)
+												$('#toggleaudio').html("Disable audio").removeClass("btn-success").addClass("btn-danger");
+											else
+												$('#toggleaudio').html("Enable audio").removeClass("btn-danger").addClass("btn-success");
+											echotest.send({ message: { audio: audioenabled }});
+										});
+									$('#togglevideo').click(
+										function() {
+											videoenabled = !videoenabled;
+											if(videoenabled)
+												$('#togglevideo').html("Disable video").removeClass("btn-success").addClass("btn-danger");
+											else
+												$('#togglevideo').html("Enable video").removeClass("btn-danger").addClass("btn-success");
+											echotest.send({ message: { video: videoenabled }});
+										});
+									$('#toggleaudio').parent().removeClass('hide').show();
+									$('#bitrate a').click(function() {
+										var id = $(this).attr("id");
+										var bitrate = parseInt(id)*1000;
+										if(bitrate === 0) {
+											Janus.log("Not limiting bandwidth via REMB");
+										} else {
+											Janus.log("Capping bandwidth to " + bitrate + " via REMB");
+										}
+										$('#bitrateset').html($(this).html() + '<span class="caret"></span>').parent().removeClass('open');
+										echotest.send({ message: { bitrate: bitrate }});
+										return false;
+									});
+									if(Janus.webRTCAdapter.browserDetails.browser === "chrome" || Janus.webRTCAdapter.browserDetails.browser === "firefox" ||
+											Janus.webRTCAdapter.browserDetails.browser === "safari") {
+										$('#curbitrate').removeClass('hide').show();
+										bitrateTimer = setInterval(function() {
+											// Display updated bitrate, if supported
+											var bitrate = echotest.getBitrate();
+											$('#curbitrate').text(bitrate);
+											// Check if the resolution changed too
+											var width = $("#peervideo").get(0).videoWidth;
+											var height = $("#peervideo").get(0).videoHeight;
+											if(width > 0 && height > 0)
+												$('#curres').removeClass('hide').text(width+'x'+height).show();
+										}, 1000);
+									}
+								},
+								ondataopen: function(data) {
+									Janus.log("The DataChannel is available!");
+									$('#videos').removeClass('hide').show();
+									$('#datasend').removeAttr('disabled');
+								},
+								ondata: function(data) {
+									Janus.debug("We got data from the DataChannel!", data);
+									$('#datarecv').val(data);
+								},
+								oncleanup: function() {
+									Janus.log(" ::: Got a cleanup notification :::");
+									if(spinner)
+										spinner.stop();
+									spinner = null;
+									if(bitrateTimer)
+										clearInterval(bitrateTimer);
+									bitrateTimer = null;
+									$('#myvideo').remove();
+									$('#waitingvideo').remove();
+									$("#videoleft").parent().unblock();
+									$('#peervideo').remove();
+									$('#toggleaudio').attr('disabled', true);
+									$('#togglevideo').attr('disabled', true);
+									$('#bitrate').attr('disabled', true);
+									$('#curbitrate').hide();
+									$('#curres').hide();
+									$('#datasend').attr('disabled', true);
+									simulcastStarted = false;
+									$('#simulcast').remove();
+								}
+							});
+					},
+					error: function(error) {
+						Janus.error(error);
+						bootbox.alert(error, function() {
+							window.location.reload();
+						});
+					},
+					destroyed: function() {
+						window.location.reload();
+					}
+				});
+		});
+	}});
+});
+
+function checkEnter(event) {
+	var theCode = event.keyCode ? event.keyCode : event.which ? event.which : event.charCode;
+	if(theCode == 13) {
+		sendData();
+		return false;
+	} else {
+		return true;
+	}
+}
+
+function sendData() {
+	var data = $('#datasend').val();
+	if(data === "") {
+		bootbox.alert('Insert a message to send on the DataChannel');
+		return;
+	}
+	echotest.data({
+		text: data,
+		error: function(reason) { bootbox.alert(reason); },
+		success: function() { $('#datasend').val(''); },
+	});
+}
+
+// Helper to parse query string
+function getQueryStringValue(name) {
+	name = name.replace(/[\[]/, "\\[").replace(/[\]]/, "\\]");
+	var regex = new RegExp("[\\?&]" + name + "=([^&#]*)"),
+		results = regex.exec(location.search);
+	return results === null ? "" : decodeURIComponent(results[1].replace(/\+/g, " "));
+}
+
+// Helpers to create Simulcast-related UI, if enabled
+function addSimulcastButtons(temporal) {
+	$('#curres').parent().append(
+		'<div id="simulcast" class="btn-group-vertical btn-group-vertical-xs pull-right">' +
+		'	<div class"row">' +
+		'		<div class="btn-group btn-group-xs" style="width: 100%">' +
+		'			<button id="sl-2" type="button" class="btn btn-primary" data-toggle="tooltip" title="Switch to higher quality" style="width: 33%">SL 2</button>' +
+		'			<button id="sl-1" type="button" class="btn btn-primary" data-toggle="tooltip" title="Switch to normal quality" style="width: 33%">SL 1</button>' +
+		'			<button id="sl-0" type="button" class="btn btn-primary" data-toggle="tooltip" title="Switch to lower quality" style="width: 34%">SL 0</button>' +
+		'		</div>' +
+		'	</div>' +
+		'	<div class"row">' +
+		'		<div class="btn-group btn-group-xs hide" style="width: 100%">' +
+		'			<button id="tl-2" type="button" class="btn btn-primary" data-toggle="tooltip" title="Cap to temporal layer 2" style="width: 34%">TL 2</button>' +
+		'			<button id="tl-1" type="button" class="btn btn-primary" data-toggle="tooltip" title="Cap to temporal layer 1" style="width: 33%">TL 1</button>' +
+		'			<button id="tl-0" type="button" class="btn btn-primary" data-toggle="tooltip" title="Cap to temporal layer 0" style="width: 33%">TL 0</button>' +
+		'		</div>' +
+		'	</div>' +
+		'</div>');
+	// Enable the simulcast selection buttons
+	$('#sl-0').removeClass('btn-primary btn-success').addClass('btn-primary')
+		.unbind('click').click(function() {
+			toastr.info("Switching simulcast substream, wait for it... (lower quality)", null, {timeOut: 2000});
+			if(!$('#sl-2').hasClass('btn-success'))
+				$('#sl-2').removeClass('btn-primary btn-info').addClass('btn-primary');
+			if(!$('#sl-1').hasClass('btn-success'))
+				$('#sl-1').removeClass('btn-primary btn-info').addClass('btn-primary');
+			$('#sl-0').removeClass('btn-primary btn-info btn-success').addClass('btn-info');
+			echotest.send({ message: { substream: 0 }});
+		});
+	$('#sl-1').removeClass('btn-primary btn-success').addClass('btn-primary')
+		.unbind('click').click(function() {
+			toastr.info("Switching simulcast substream, wait for it... (normal quality)", null, {timeOut: 2000});
+			if(!$('#sl-2').hasClass('btn-success'))
+				$('#sl-2').removeClass('btn-primary btn-info').addClass('btn-primary');
+			$('#sl-1').removeClass('btn-primary btn-info btn-success').addClass('btn-info');
+			if(!$('#sl-0').hasClass('btn-success'))
+				$('#sl-0').removeClass('btn-primary btn-info').addClass('btn-primary');
+			echotest.send({ message: { substream: 1 }});
+		});
+	$('#sl-2').removeClass('btn-primary btn-success').addClass('btn-primary')
+		.unbind('click').click(function() {
+			toastr.info("Switching simulcast substream, wait for it... (higher quality)", null, {timeOut: 2000});
+			$('#sl-2').removeClass('btn-primary btn-info btn-success').addClass('btn-info');
+			if(!$('#sl-1').hasClass('btn-success'))
+				$('#sl-1').removeClass('btn-primary btn-info').addClass('btn-primary');
+			if(!$('#sl-0').hasClass('btn-success'))
+				$('#sl-0').removeClass('btn-primary btn-info').addClass('btn-primary');
+			echotest.send({ message: { substream: 2 }});
+		});
+	if(!temporal)	// No temporal layer support
+		return;
+	$('#tl-0').parent().removeClass('hide');
+	$('#tl-0').removeClass('btn-primary btn-success').addClass('btn-primary')
+		.unbind('click').click(function() {
+			toastr.info("Capping simulcast temporal layer, wait for it... (lowest FPS)", null, {timeOut: 2000});
+			if(!$('#tl-2').hasClass('btn-success'))
+				$('#tl-2').removeClass('btn-primary btn-info').addClass('btn-primary');
+			if(!$('#tl-1').hasClass('btn-success'))
+				$('#tl-1').removeClass('btn-primary btn-info').addClass('btn-primary');
+			$('#tl-0').removeClass('btn-primary btn-info btn-success').addClass('btn-info');
+			echotest.send({ message: { temporal: 0 }});
+		});
+	$('#tl-1').removeClass('btn-primary btn-success').addClass('btn-primary')
+		.unbind('click').click(function() {
+			toastr.info("Capping simulcast temporal layer, wait for it... (medium FPS)", null, {timeOut: 2000});
+			if(!$('#tl-2').hasClass('btn-success'))
+				$('#tl-2').removeClass('btn-primary btn-info').addClass('btn-primary');
+			$('#tl-1').removeClass('btn-primary btn-info').addClass('btn-info');
+			if(!$('#tl-0').hasClass('btn-success'))
+				$('#tl-0').removeClass('btn-primary btn-info').addClass('btn-primary');
+			echotest.send({ message: { temporal: 1 }});
+		});
+	$('#tl-2').removeClass('btn-primary btn-success').addClass('btn-primary')
+		.unbind('click').click(function() {
+			toastr.info("Capping simulcast temporal layer, wait for it... (highest FPS)", null, {timeOut: 2000});
+			$('#tl-2').removeClass('btn-primary btn-info btn-success').addClass('btn-info');
+			if(!$('#tl-1').hasClass('btn-success'))
+				$('#tl-1').removeClass('btn-primary btn-info').addClass('btn-primary');
+			if(!$('#tl-0').hasClass('btn-success'))
+				$('#tl-0').removeClass('btn-primary btn-info').addClass('btn-primary');
+			echotest.send({ message: { temporal: 2 }});
+		});
+}
+
+function updateSimulcastButtons(substream, temporal) {
+	// Check the substream
+	if(substream === 0) {
+		toastr.success("Switched simulcast substream! (lower quality)", null, {timeOut: 2000});
+		$('#sl-2').removeClass('btn-primary btn-success').addClass('btn-primary');
+		$('#sl-1').removeClass('btn-primary btn-success').addClass('btn-primary');
+		$('#sl-0').removeClass('btn-primary btn-info btn-success').addClass('btn-success');
+	} else if(substream === 1) {
+		toastr.success("Switched simulcast substream! (normal quality)", null, {timeOut: 2000});
+		$('#sl-2').removeClass('btn-primary btn-success').addClass('btn-primary');
+		$('#sl-1').removeClass('btn-primary btn-info btn-success').addClass('btn-success');
+		$('#sl-0').removeClass('btn-primary btn-success').addClass('btn-primary');
+	} else if(substream === 2) {
+		toastr.success("Switched simulcast substream! (higher quality)", null, {timeOut: 2000});
+		$('#sl-2').removeClass('btn-primary btn-info btn-success').addClass('btn-success');
+		$('#sl-1').removeClass('btn-primary btn-success').addClass('btn-primary');
+		$('#sl-0').removeClass('btn-primary btn-success').addClass('btn-primary');
+	}
+	// Check the temporal layer
+	if(temporal === 0) {
+		toastr.success("Capped simulcast temporal layer! (lowest FPS)", null, {timeOut: 2000});
+		$('#tl-2').removeClass('btn-primary btn-success').addClass('btn-primary');
+		$('#tl-1').removeClass('btn-primary btn-success').addClass('btn-primary');
+		$('#tl-0').removeClass('btn-primary btn-info btn-success').addClass('btn-success');
+	} else if(temporal === 1) {
+		toastr.success("Capped simulcast temporal layer! (medium FPS)", null, {timeOut: 2000});
+		$('#tl-2').removeClass('btn-primary btn-success').addClass('btn-primary');
+		$('#tl-1').removeClass('btn-primary btn-info btn-success').addClass('btn-success');
+		$('#tl-0').removeClass('btn-primary btn-success').addClass('btn-primary');
+	} else if(temporal === 2) {
+		toastr.success("Capped simulcast temporal layer! (highest FPS)", null, {timeOut: 2000});
+		$('#tl-2').removeClass('btn-primary btn-info btn-success').addClass('btn-success');
+		$('#tl-1').removeClass('btn-primary btn-success').addClass('btn-primary');
+		$('#tl-0').removeClass('btn-primary btn-success').addClass('btn-primary');
+	}
+}
+
+// Custom functions to use with Insertable streams: the senderTransform
+// function is what we use to "encrypt" the media we send, while the
+// receiverTransform is what we use to "decrypt" the media we receive.
+// Both functions will use a secret that we'll prompt for when opening
+// the page, meaning that, ideally, we'll be the only one able to decrypt
+// it: Janus will not have access to the media. In a scenario involving
+// multiple participants (e.g., a video call or conference), to use these
+// same functions you'll want to distribute the secret among all participants
+// using an out of band mechanism, so that they can encrypt and decrypt
+// the media and keep Janus out of the loop. Notice that these functions
+// are just an example, and are basically exact copies from this demo:
+// 		https://github.com/webrtc/samples/blob/gh-pages/src/content/peerconnection/endtoend-encryption/js/main.js
+// That said, you're free (or actually, encouraged) to try and use other
+// custom, and more advanced, transform functions as well (e.g., SFrames).
+var currentCryptoKey = null;
+var currentKeyIdentifier = 0;
+function promptCryptoKey() {
+	bootbox.prompt("Insert crypto key (e.g., 'mysecret') to use", function(result) {
+		if(!result || result === "") {
+			promptCryptoKey();
+			return;
+		}
+		// Take note of the secret
+		currentCryptoKey = result;
+		currentKeyIdentifier++;
+		// Negotiate the WebRTC PeerConnection, now (clone of EchoTest demo code)
+		Janus.debug("Trying a createOffer too (audio/video sendrecv)");
+		echotest.createOffer(
+			{
+				// No media provided: by default, it's sendrecv for audio and video
+				media: { data: true },	// Let's negotiate data channels as well
+				// If you want to test simulcasting (Chrome and Firefox only), then
+				// pass a ?simulcast=true when opening this demo page: it will turn
+				// the following 'simulcast' property to pass to janus.js to true.
+				simulcast: doSimulcast,
+				simulcast2: doSimulcast2,
+				// Since we want to use Insertable Streams,
+				// we specify the transform functions to use
+				senderTransforms: senderTransforms,
+				receiverTransforms: receiverTransforms,
+				success: function(jsep) {
+					Janus.debug("Got SDP!", jsep);
+					var body = { audio: true, video: true, data: true };
+					// We can try and force a specific codec, by telling the plugin what we'd prefer
+					// For simplicity, you can set it via a query string (e.g., ?vcodec=vp9)
+					if(acodec)
+						body["audiocodec"] = acodec;
+					if(vcodec)
+						body["videocodec"] = vcodec;
+					echotest.send({ message: body, jsep: jsep });
+				},
+				error: function(error) {
+					Janus.error("WebRTC error:", error);
+					bootbox.alert("WebRTC error... " + error.message);
+				}
+			});
+	});
+}
+var senderTransforms = {}, receiverTransforms = {};
+for(var m of ["audio", "video"]) {
+	senderTransforms[m] = new TransformStream({
+		start() {
+			// Called on startup.
+			console.log("[Sender transform)] Startup");
+		},
+		transform(chunk, controller) {
+			// Copy of the above mentioned demo's encodeFunction()
+			const view = new DataView(chunk.data);
+			const newData = new ArrayBuffer(chunk.data.byteLength + 5);
+			const newView = new DataView(newData);
+			for(let i=0; i<10; ++i) {
+				newView.setInt8(i, view.getInt8(i));
+			}
+			// This is a bitwise xor of the key with the payload. This is not strong encryption, just a demo.
+			for(let i=10; i<chunk.data.byteLength; ++i) {
+				const keyByte = currentCryptoKey.charCodeAt(i % currentCryptoKey.length);
+				newView.setInt8(i, view.getInt8(i) ^ keyByte);
+			}
+			newView.setUint8(chunk.data.byteLength, currentKeyIdentifier % 0xff);
+			newView.setUint32(chunk.data.byteLength + 1, 0xDEADBEEF);
+			chunk.data = newData;
+			controller.enqueue(chunk);
+		},
+		flush() {
+			// Called when the stream is about to be closed
+			console.log("[Sender transform] Closing");
+		}
+	});
+	receiverTransforms[m] = new TransformStream({
+		start() {
+			// Called on startup.
+			console.log("[Receiver transform] Startup");
+		},
+		transform(chunk, controller) {
+			// Copy of the above mentioned demo's decodeFunction()
+			const view = new DataView(chunk.data);
+			const checksum = view.getUint32(chunk.data.byteLength - 4);
+			if(checksum !== 0xDEADBEEF) {
+				console.log('Corrupted frame received');
+				console.log(checksum.toString(16));
+				return;
+			}
+			const keyIdentifier = view.getUint8(chunk.data.byteLength - 5);
+			if(keyIdentifier !== currentKeyIdentifier) {
+				console.log(`Key identifier mismatch, got ${keyIdentifier} expected ${currentKeyIdentifier}.`);
+				return;
+			}
+			const newData = new ArrayBuffer(chunk.data.byteLength - 5);
+			const newView = new DataView(newData);
+			for(let i=0; i<10; ++i) {
+				newView.setInt8(i, view.getInt8(i));
+			}
+			for(let i=10; i<chunk.data.byteLength - 5; ++i) {
+				const keyByte = currentCryptoKey.charCodeAt(i % currentCryptoKey.length);
+				newView.setInt8(i, view.getInt8(i) ^ keyByte);
+			}
+			chunk.data = newData;
+			controller.enqueue(chunk);
+		},
+		flush() {
+			// Called when the stream is about to be closed
+			console.log("[Receiver transform] Closing");
+		}
+	});
+}
diff --git a/html/janus.js b/html/janus.js
index 4f911e26cb..1efe569e36 100644
--- a/html/janus.js
+++ b/html/janus.js
@@ -1296,8 +1296,14 @@ function Janus(gatewayCallbacks) {
 			request["token"] = pluginHandle.token;
 		if(apisecret)
 			request["apisecret"] = apisecret;
-		if(jsep)
-			request.jsep = jsep;
+		if(jsep) {
+			request.jsep = {
+				type: jsep.type,
+				sdp: jsep.sdp
+			};
+			if(jsep.e2ee)
+				request.jsep.e2ee = true;
+		}
 		Janus.debug("Sending message to plugin (handle=" + handleId + "):");
 		Janus.debug(request);
 		if(websockets) {
@@ -1728,6 +1734,16 @@ function Janus(gatewayCallbacks) {
 				// This is Edge, enable BUNDLE explicitly
 				pc_config.bundlePolicy = "max-bundle";
 			}
+			// Check if a sender or receiver transform has been provided
+			if(RTCRtpSender.prototype.createEncodedAudioStreams &&
+					RTCRtpSender.prototype.createEncodedVideoStreams &&
+					(callbacks.senderTransforms || callbacks.receiverTransforms)) {
+				config.senderTransforms = callbacks.senderTransforms;
+				config.receiverTransforms = callbacks.receiverTransforms;
+				pc_config["forceEncodedAudioInsertableStreams"] = true;
+				pc_config["forceEncodedVideoInsertableStreams"] = true;
+				pc_config["encodedInsertableStreams"] = true;
+			}
 			Janus.log("Creating PeerConnection");
 			Janus.debug(pc_constraints);
 			config.pc = new RTCPeerConnection(pc_config, pc_constraints);
@@ -1776,6 +1792,19 @@ function Janus(gatewayCallbacks) {
 				pluginHandle.onremotestream(config.remoteStream);
 				if(event.track.onended)
 					return;
+				if(config.receiverTransforms) {
+					var receiverStreams = null;
+					if(event.track.kind === "audio" && config.receiverTransforms["audio"]) {
+						receiverStreams = event.receiver.createEncodedAudioStreams();
+					} else if(event.track.kind === "video" && config.receiverTransforms["video"]) {
+						receiverStreams = event.receiver.createEncodedVideoStreams();
+					}
+					if(receiverStreams) {
+						receiverStreams.readableStream
+							.pipeThrough(config.receiverTransforms[event.track.kind])
+							.pipeTo(receiverStreams.writableStream);
+					}
+				}
 				var trackMutedTimeoutId = null;
 				Janus.log("Adding onended callback to track:", event.track);
 				event.track.onended = function(ev) {
@@ -1821,7 +1850,21 @@ function Janus(gatewayCallbacks) {
 			stream.getTracks().forEach(function(track) {
 				Janus.log('Adding local track:', track);
 				if(!simulcast2) {
-					config.pc.addTrack(track, stream);
+					var sender = config.pc.addTrack(track, stream);
+					// Check if insertable streams are involved
+					if(sender && config.senderTransforms) {
+						var senderStreams = null;
+						if(sender.track.kind === "audio" && config.senderTransforms["audio"]) {
+							senderStreams = sender.createEncodedAudioStreams();
+						} else if(sender.track.kind === "video" && config.senderTransforms["video"]) {
+							senderStreams = sender.createEncodedVideoStreams();
+						}
+						if(senderStreams) {
+							senderStreams.readableStream
+								.pipeThrough(config.senderTransforms[sender.track.kind])
+								.pipeTo(senderStreams.writableStream);
+						}
+					}
 				} else {
 					if(track.kind === "audio") {
 						config.pc.addTrack(track, stream);
@@ -2657,8 +2700,10 @@ function Janus(gatewayCallbacks) {
 					Janus.log("Waiting for all candidates...");
 					return;
 				}
-				Janus.log("Offer ready");
-				Janus.debug(callbacks);
+				// If transforms are present, notify Janus that the media is end-to-end encrypted
+				if(config.senderTransforms || config.receiverTransforms) {
+					offer["e2ee"] = true;
+				}
 				callbacks.success(offer);
 			}, callbacks.error);
 	}
@@ -2896,6 +2941,10 @@ function Janus(gatewayCallbacks) {
 					Janus.log("Waiting for all candidates...");
 					return;
 				}
+				// If transforms are present, notify Janus that the media is end-to-end encrypted
+				if(config.senderTransforms || config.receiverTransforms) {
+					answer["e2ee"] = true;
+				}
 				callbacks.success(answer);
 			}, callbacks.error);
 	}
@@ -3182,6 +3231,8 @@ function Janus(gatewayCallbacks) {
 			config.iceDone = false;
 			config.dataChannel = {};
 			config.dtmfSender = null;
+			config.senderTransforms = null;
+			config.receiverTransforms = null;
 		}
 		pluginHandle.oncleanup();
 	}
diff --git a/html/navbar.html b/html/navbar.html
index 45aeab135d..2f8ecf2fcb 100644
--- a/html/navbar.html
+++ b/html/navbar.html
@@ -28,6 +28,7 @@
 					<li><a href="nosiptest.html">NoSIP (SDP/RTP)</a></li>
 					<li class="divider"></li>
 					<li><a href="devicetest.html">Device Selection</a></li>
+					<li><a href="e2etest.html">End-to-end Encryption</a></li>
 					<li><a href="multiopus.html">Multichannel Opus (surround)</a></li>
 					<li><a href="vp9svctest.html">VP9-SVC Video Room</a></li>
 					<li class="divider"></li>
diff --git a/ice.c b/ice.c
index 3af534a62a..e8d097c43b 100644
--- a/ice.c
+++ b/ice.c
@@ -1417,6 +1417,7 @@ static void janus_ice_webrtc_free(janus_ice_handle *handle) {
 		janus_flags_clear(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_READY);
 		janus_flags_clear(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_CLEANING);
 		janus_flags_clear(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_HAS_AGENT);
+		janus_flags_clear(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_E2EE);
 		janus_mutex_unlock(&handle->mutex);
 		return;
 	}
@@ -1459,6 +1460,7 @@ static void janus_ice_webrtc_free(janus_ice_handle *handle) {
 	janus_flags_clear(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_READY);
 	janus_flags_clear(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_CLEANING);
 	janus_flags_clear(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_HAS_AGENT);
+	janus_flags_clear(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_E2EE);
 	if(!janus_flags_is_set(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_STOP) && handle->hangup_reason) {
 		janus_ice_notify_hangup(handle, handle->hangup_reason);
 	}
diff --git a/ice.h b/ice.h
index 9bf0076a91..c56de70c46 100644
--- a/ice.h
+++ b/ice.h
@@ -213,6 +213,7 @@ typedef struct janus_ice_trickle janus_ice_trickle;
 #define JANUS_ICE_HANDLE_WEBRTC_RESEND_TRICKLES		(1 << 18)
 #define JANUS_ICE_HANDLE_WEBRTC_RFC4588_RTX			(1 << 19)
 #define JANUS_ICE_HANDLE_WEBRTC_NEW_DATACHAN_SDP	(1 << 20)
+#define JANUS_ICE_HANDLE_WEBRTC_E2EE				(1 << 21)
 
 
 /*! \brief Janus media statistics
diff --git a/janus.c b/janus.c
index 22c8b50e3a..99c1d073dc 100644
--- a/janus.c
+++ b/janus.c
@@ -102,8 +102,9 @@ static struct janus_json_parameter body_parameters[] = {
 };
 static struct janus_json_parameter jsep_parameters[] = {
 	{"type", JSON_STRING, JANUS_JSON_PARAM_REQUIRED},
+	{"sdp", JSON_STRING, JANUS_JSON_PARAM_REQUIRED},
 	{"trickle", JANUS_JSON_BOOL, 0},
-	{"sdp", JSON_STRING, JANUS_JSON_PARAM_REQUIRED}
+	{"e2ee", JANUS_JSON_BOOL, 0}
 };
 static struct janus_json_parameter add_token_parameters[] = {
 	{"token", JSON_STRING, JANUS_JSON_PARAM_REQUIRED},
@@ -1277,9 +1278,10 @@ int janus_process_incoming_request(janus_request *request) {
 			json_t *type = json_object_get(jsep, "type");
 			jsep_type = g_strdup(json_string_value(type));
 			type = NULL;
-			gboolean do_trickle = TRUE;
 			json_t *jsep_trickle = json_object_get(jsep, "trickle");
-			do_trickle = jsep_trickle ? json_is_true(jsep_trickle) : TRUE;
+			gboolean do_trickle = jsep_trickle ? json_is_true(jsep_trickle) : TRUE;
+			json_t *jsep_e2ee = json_object_get(jsep, "e2ee");
+			gboolean e2ee = jsep_e2ee ? json_is_true(jsep_e2ee) : FALSE;
 			/* Are we still cleaning up from a previous media session? */
 			if(janus_flags_is_set(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_CLEANING)) {
 				JANUS_LOG(LOG_VERB, "[%"SCNu64"] Still cleaning up from a previous media session, let's wait a bit...\n", handle->handle_id);
@@ -1479,6 +1481,8 @@ int janus_process_incoming_request(janus_request *request) {
 			jsep_sdp_stripped = janus_sdp_write(parsed_sdp);
 			janus_sdp_destroy(parsed_sdp);
 			sdp = NULL;
+			if(e2ee)
+				janus_flags_set(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_E2EE);
 			janus_flags_clear(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_PROCESSING_OFFER);
 		}
 
@@ -1527,6 +1531,9 @@ int janus_process_incoming_request(janus_request *request) {
 			/* Check if this is a renegotiation or update */
 			if(renegotiation)
 				json_object_set_new(body_jsep, "update", json_true());
+			/* If media is encrypted end-to-end, the plugin may need to know */
+			if(janus_flags_is_set(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_E2EE))
+				json_object_set_new(body_jsep, "e2ee", json_true());
 		}
 		janus_plugin_result *result = plugin_t->handle_message(handle->app_handle,
 			g_strdup((char *)transaction_text), body, body_jsep);
@@ -2680,6 +2687,7 @@ int janus_process_incoming_admin_request(janus_request *request) {
 		json_object_set_new(flags, "new-datachan-sdp", janus_flags_is_set(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_NEW_DATACHAN_SDP) ? json_true() : json_false());
 		json_object_set_new(flags, "rfc4588-rtx", janus_flags_is_set(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_RFC4588_RTX) ? json_true() : json_false());
 		json_object_set_new(flags, "cleaning", janus_flags_is_set(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_CLEANING) ? json_true() : json_false());
+		json_object_set_new(flags, "e2ee", janus_flags_is_set(&handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_E2EE) ? json_true() : json_false());
 		json_object_set_new(info, "flags", flags);
 		if(handle->agent) {
 			json_object_set_new(info, "agent-created", json_integer(handle->agent_created));
@@ -3270,6 +3278,7 @@ int janus_plugin_push_event(janus_plugin_session *plugin_session, janus_plugin *
 	const char *sdp_type = json_string_value(json_object_get(jsep, "type"));
 	const char *sdp = json_string_value(json_object_get(jsep, "sdp"));
 	gboolean restart = json_object_get(jsep, "sdp") ? json_is_true(json_object_get(jsep, "restart")) : FALSE;
+	gboolean e2ee = json_object_get(jsep, "sdp") ? json_is_true(json_object_get(jsep, "e2ee")) : FALSE;
 	json_t *merged_jsep = NULL;
 	if(sdp_type != NULL && sdp != NULL) {
 		merged_jsep = janus_plugin_handle_sdp(plugin_session, plugin, sdp_type, sdp, restart);
@@ -3300,6 +3309,10 @@ int janus_plugin_push_event(janus_plugin_session *plugin_session, janus_plugin *
 	json_object_set_new(plugin_data, "data", message);
 	json_object_set_new(event, "plugindata", plugin_data);
 	if(merged_jsep != NULL) {
+		if(e2ee)
+			janus_flags_set(&ice_handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_E2EE);
+		if(janus_flags_is_set(&ice_handle->webrtc_flags, JANUS_ICE_HANDLE_WEBRTC_E2EE))
+			json_object_set_new(merged_jsep, "e2ee", json_true());
 		json_object_set_new(event, "jsep", merged_jsep);
 		/* In case event handlers are enabled, push the local SDP to all handlers */
 		if(janus_events_is_enabled()) {
diff --git a/plugins/janus_audiobridge.c b/plugins/janus_audiobridge.c
index af5d941482..200a1f1d3a 100644
--- a/plugins/janus_audiobridge.c
+++ b/plugins/janus_audiobridge.c
@@ -6085,6 +6085,13 @@ static void *janus_audiobridge_handler(void *data) {
 		} else {
 			JANUS_LOG(LOG_VERB, "This is involving a negotiation (%s) as well:\n%s\n", msg_sdp_type, msg_sdp);
 			/* Prepare an SDP answer */
+			if(json_is_true(json_object_get(msg->jsep, "e2ee"))) {
+				/* Media is encrypted, but we need unencrypted media frames to decode and mix */
+				JANUS_LOG(LOG_ERR, "Media encryption unsupported by this plugin\n");
+				error_code = JANUS_AUDIOBRIDGE_ERROR_INVALID_ELEMENT;
+				g_snprintf(error_cause, 512, "Media encryption unsupported by this plugin");
+				goto error;
+			}
 			const char *type = "answer";
 			char error_str[512];
 			janus_sdp *offer = janus_sdp_parse(msg_sdp, error_str, sizeof(error_str));
diff --git a/plugins/janus_duktape.c b/plugins/janus_duktape.c
index dd33e8d76b..fd01760f0f 100644
--- a/plugins/janus_duktape.c
+++ b/plugins/janus_duktape.c
@@ -571,6 +571,8 @@ static duk_ret_t janus_duktape_method_pushevent(duk_context *ctx) {
 		asev->transaction = transaction ? g_strdup(transaction) : NULL;
 		asev->event = event;
 		asev->jsep = jsep;
+		if(json_is_true(json_object_get(jsep, "e2ee")))
+			session->e2ee = TRUE;
 		GError *error = NULL;
 		g_thread_try_new("duktape pushevent", janus_duktape_async_event_helper, asev, &error);
 		if(error != NULL) {
@@ -1203,18 +1205,27 @@ static duk_ret_t janus_duktape_method_startrecording(duk_context *ctx) {
 		}
 		if(!strcasecmp(type, "audio")) {
 			if(arc != NULL || session->arc != NULL) {
+				janus_recorder_destroy(rc);
 				JANUS_LOG(LOG_ERR, "Duplicate audio recording\n");
 				goto error;
 			}
+			/* If media is encrypted, mark it in the recording */
+			if(session->e2ee)
+				janus_recorder_encrypted(rc);
 			arc = rc;
 		} else if(!strcasecmp(type, "video")) {
 			if(vrc != NULL || session->vrc != NULL) {
+				janus_recorder_destroy(rc);
 				JANUS_LOG(LOG_ERR, "Duplicate video recording\n");
 				goto error;
 			}
+			/* If media is encrypted, mark it in the recording */
+			if(session->e2ee)
+				janus_recorder_encrypted(rc);
 			vrc = rc;
 		} else if(!strcasecmp(type, "data")) {
 			if(drc != NULL || session->drc != NULL) {
+				janus_recorder_destroy(rc);
 				JANUS_LOG(LOG_ERR, "Duplicate data recording\n");
 				goto error;
 			}
@@ -2021,7 +2032,11 @@ struct janus_plugin_result *janus_duktape_handle_message(janus_plugin_session *h
 		return janus_plugin_result_new(JANUS_PLUGIN_ERROR, "No session associated with this handle", NULL);
 	}
 	char *jsep_text = jsep ? json_dumps(jsep, JSON_INDENT(0) | JSON_PRESERVE_ORDER) : NULL;
-	json_decref(jsep);
+	if(jsep != NULL) {
+		if(json_is_true(json_object_get(jsep, "e2ee")))
+			session->e2ee = TRUE;
+		json_decref(jsep);
+	}
 	/* Invoke the script function */
 	janus_mutex_lock(&duktape_mutex);
 	duk_idx_t thr_idx = duk_push_thread(duktape_ctx);
@@ -2427,6 +2442,7 @@ void janus_duktape_hangup_media(janus_plugin_session *handle) {
 	session->bitrate = 0;
 	session->pli_freq = 0;
 	session->pli_latest = 0;
+	session->e2ee = FALSE;
 	janus_rtp_switching_context_reset(&session->rtpctx);
 
 	/* Get rid of the recipients */
diff --git a/plugins/janus_duktape_data.h b/plugins/janus_duktape_data.h
index 647c3125bf..012ad02650 100644
--- a/plugins/janus_duktape_data.h
+++ b/plugins/janus_duktape_data.h
@@ -68,6 +68,7 @@ typedef struct janus_duktape_session {
 	janus_recorder *arc;				/* The Janus recorder instance for audio, if enabled */
 	janus_recorder *vrc;				/* The Janus recorder instance for video, if enabled */
 	janus_recorder *drc;				/* The Janus recorder instance for data, if enabled */
+	gboolean e2ee;						/* Whether media is encrypted, e.g., using Insertable Streams */
 	janus_mutex rec_mutex;				/* Mutex to protect the recorders from race conditions */
 	volatile gint started;				/* Whether this session's PeerConnection is ready or not */
 	volatile gint dataready;			/* Whether the data channel was established on this sessions's PeerConnection */
diff --git a/plugins/janus_echotest.c b/plugins/janus_echotest.c
index 2119064de7..d9ffdf4cba 100644
--- a/plugins/janus_echotest.c
+++ b/plugins/janus_echotest.c
@@ -225,6 +225,7 @@ typedef struct janus_echotest_session {
 	janus_recorder *arc;	/* The Janus recorder instance for this user's audio, if enabled */
 	janus_recorder *vrc;	/* The Janus recorder instance for this user's video, if enabled */
 	janus_recorder *drc;	/* The Janus recorder instance for this user's data, if enabled */
+	gboolean e2ee;			/* Whether media is encrypted, e.g., using Insertable Streams */
 	janus_mutex rec_mutex;	/* Mutex to protect the recorders from race conditions */
 	guint16 slowlink_count;
 	volatile gint hangingup;
@@ -485,6 +486,8 @@ json_t *janus_echotest_query_session(janus_plugin_session *handle) {
 			json_object_set_new(recording, "data", json_string(session->drc->filename));
 		json_object_set_new(info, "recording", recording);
 	}
+	if(session->e2ee)
+		json_object_set_new(info, "e2ee", json_true());
 	json_object_set_new(info, "slowlink_count", json_integer(session->slowlink_count));
 	json_object_set_new(info, "hangingup", json_integer(g_atomic_int_get(&session->hangingup)));
 	json_object_set_new(info, "destroyed", json_integer(g_atomic_int_get(&session->destroyed)));
@@ -808,6 +811,7 @@ static void janus_echotest_hangup_media_internal(janus_plugin_session *handle) {
 	session->vcodec = JANUS_VIDEOCODEC_NONE;
 	g_free(session->vfmtp);
 	session->vfmtp = NULL;
+	session->e2ee = FALSE;
 	session->bitrate = 0;
 	session->peer_bitrate = 0;
 	int i=0;
@@ -879,6 +883,9 @@ static void *janus_echotest_handler(void *data) {
 			session->sim_context.substream_target = 2;	/* Let's aim for the highest quality */
 			session->sim_context.templayer_target = 2;	/* Let's aim for all temporal layers */
 		}
+		json_t *msg_e2ee = json_object_get(msg->jsep, "e2ee");
+		if(json_is_true(msg_e2ee))
+			session->e2ee = TRUE;
 		json_t *audio = json_object_get(root, "audio");
 		if(audio && !json_is_boolean(audio)) {
 			JANUS_LOG(LOG_ERR, "Invalid element (audio should be a boolean)\n");
@@ -1126,6 +1133,8 @@ static void *janus_echotest_handler(void *data) {
 			janus_sdp_destroy(offer);
 			janus_sdp_destroy(answer);
 			json_t *jsep = json_pack("{ssss}", "type", type, "sdp", sdp);
+			if(session->e2ee)
+				json_object_set_new(jsep, "e2ee", json_true());
 			/* How long will the core take to push the event? */
 			g_atomic_int_set(&session->hangingup, 0);
 			gint64 start = janus_get_monotonic_time();
@@ -1149,44 +1158,50 @@ static void *janus_echotest_handler(void *data) {
 				char filename[255];
 				gint64 now = janus_get_real_time();
 				if(session->has_audio) {
-					/* FIXME We assume we're recording Opus, here */
+					/* Prepare an audio recording */
+					janus_recorder *rc = NULL;
 					memset(filename, 0, 255);
 					if(recording_base) {
 						/* Use the filename and path we have been provided */
 						g_snprintf(filename, 255, "%s-audio", recording_base);
-						session->arc = janus_recorder_create(NULL, janus_audiocodec_name(session->acodec), filename);
-						if(session->arc == NULL) {
+						rc = janus_recorder_create(NULL, janus_audiocodec_name(session->acodec), filename);
+						if(rc == NULL) {
 							/* FIXME We should notify the fact the recorder could not be created */
 							JANUS_LOG(LOG_ERR, "Couldn't open an audio recording file for this EchoTest user!\n");
 						}
 					} else {
 						/* Build a filename */
 						g_snprintf(filename, 255, "echotest-%p-%"SCNi64"-audio", session, now);
-						session->arc = janus_recorder_create(NULL, janus_audiocodec_name(session->acodec), filename);
-						if(session->arc == NULL) {
+						rc = janus_recorder_create(NULL, janus_audiocodec_name(session->acodec), filename);
+						if(rc == NULL) {
 							/* FIXME We should notify the fact the recorder could not be created */
 							JANUS_LOG(LOG_ERR, "Couldn't open an audio recording file for this EchoTest user!\n");
 						}
 					}
+					/* If media is encrypted, mark it in the recording */
+					if(session->e2ee)
+						janus_recorder_encrypted(rc);
+					session->arc = rc;
 				}
 				if(session->has_video) {
-					/* FIXME We assume we're recording VP8, here */
+					/* Prepare a video recording */
+					janus_recorder *rc = NULL;
 					memset(filename, 0, 255);
 					if(recording_base) {
 						/* Use the filename and path we have been provided */
 						g_snprintf(filename, 255, "%s-video", recording_base);
-						session->vrc = janus_recorder_create_full(NULL,
+						rc = janus_recorder_create_full(NULL,
 							janus_videocodec_name(session->vcodec), session->vfmtp, filename);
-						if(session->vrc == NULL) {
+						if(rc == NULL) {
 							/* FIXME We should notify the fact the recorder could not be created */
 							JANUS_LOG(LOG_ERR, "Couldn't open an video recording file for this EchoTest user!\n");
 						}
 					} else {
 						/* Build a filename */
 						g_snprintf(filename, 255, "echotest-%p-%"SCNi64"-video", session, now);
-						session->vrc = janus_recorder_create_full(NULL,
+						rc = janus_recorder_create_full(NULL,
 							janus_videocodec_name(session->vcodec), session->vfmtp, filename);
-						if(session->vrc == NULL) {
+						if(rc == NULL) {
 							/* FIXME We should notify the fact the recorder could not be created */
 							JANUS_LOG(LOG_ERR, "Couldn't open an video recording file for this EchoTest user!\n");
 						}
@@ -1194,26 +1209,34 @@ static void *janus_echotest_handler(void *data) {
 					/* Send a PLI */
 					JANUS_LOG(LOG_VERB, "Recording video, sending a PLI to kickstart it\n");
 					gateway->send_pli(session->handle);
+					/* If media is encrypted, mark it in the recording */
+					if(session->e2ee)
+						janus_recorder_encrypted(rc);
+					session->vrc = rc;
 				}
 				if(session->has_data) {
+					/* Prepare a data recording */
+					janus_recorder *rc = NULL;
 					memset(filename, 0, 255);
 					if(recording_base) {
 						/* Use the filename and path we have been provided */
 						g_snprintf(filename, 255, "%s-data", recording_base);
-						session->drc = janus_recorder_create(NULL, "text", filename);
-						if(session->drc == NULL) {
+						rc = janus_recorder_create(NULL, "text", filename);
+						if(rc == NULL) {
 							/* FIXME We should notify the fact the recorder could not be created */
 							JANUS_LOG(LOG_ERR, "Couldn't open a text data recording file for this EchoTest user!\n");
 						}
 					} else {
 						/* Build a filename */
 						g_snprintf(filename, 255, "echotest-%p-%"SCNi64"-data", session, now);
-						session->drc = janus_recorder_create(NULL, "text", filename);
-						if(session->drc == NULL) {
+						rc = janus_recorder_create(NULL, "text", filename);
+						if(rc == NULL) {
 							/* FIXME We should notify the fact the recorder could not be created */
 							JANUS_LOG(LOG_ERR, "Couldn't open a text data recording file for this EchoTest user!\n");
 						}
 					}
+					/* Media encryption doesn't apply to data channels */
+					session->drc = rc;
 				}
 			}
 			janus_mutex_unlock(&session->rec_mutex);
diff --git a/plugins/janus_lua.c b/plugins/janus_lua.c
index 7534d170a3..dedacf6616 100644
--- a/plugins/janus_lua.c
+++ b/plugins/janus_lua.c
@@ -500,6 +500,8 @@ static int janus_lua_method_pushevent(lua_State *s) {
 		asev->transaction = transaction ? g_strdup(transaction) : NULL;
 		asev->event = event;
 		asev->jsep = jsep;
+		if(json_is_true(json_object_get(jsep, "e2ee")))
+			session->e2ee = TRUE;
 		GError *error = NULL;
 		g_thread_try_new("lua pushevent", janus_lua_async_event_helper, asev, &error);
 		if(error != NULL) {
@@ -1072,18 +1074,27 @@ static int janus_lua_method_startrecording(lua_State *s) {
 		}
 		if(!strcasecmp(type, "audio")) {
 			if(arc != NULL || session->arc != NULL) {
+				janus_recorder_destroy(rc);
 				JANUS_LOG(LOG_ERR, "Duplicate audio recording\n");
 				goto error;
 			}
+			/* If media is encrypted, mark it in the recording */
+			if(session->e2ee)
+				janus_recorder_encrypted(rc);
 			arc = rc;
 		} else if(!strcasecmp(type, "video")) {
 			if(vrc != NULL || session->vrc != NULL) {
+				janus_recorder_destroy(rc);
 				JANUS_LOG(LOG_ERR, "Duplicate video recording\n");
 				goto error;
 			}
+			/* If media is encrypted, mark it in the recording */
+			if(session->e2ee)
+				janus_recorder_encrypted(rc);
 			vrc = rc;
 		} else if(!strcasecmp(type, "data")) {
 			if(drc != NULL || session->drc != NULL) {
+				janus_recorder_destroy(rc);
 				JANUS_LOG(LOG_ERR, "Duplicate data recording\n");
 				goto error;
 			}
@@ -1747,7 +1758,11 @@ struct janus_plugin_result *janus_lua_handle_message(janus_plugin_session *handl
 		return janus_plugin_result_new(JANUS_PLUGIN_ERROR, "No session associated with this handle", NULL);
 	}
 	char *jsep_text = jsep ? json_dumps(jsep, JSON_INDENT(0) | JSON_PRESERVE_ORDER) : NULL;
-	json_decref(jsep);
+	if(jsep != NULL) {
+		if(json_is_true(json_object_get(jsep, "e2ee")))
+			session->e2ee = TRUE;
+		json_decref(jsep);
+	}
 	/* Invoke the script function */
 	janus_mutex_lock(&lua_mutex);
 	lua_State *t = lua_newthread(lua_state);
@@ -2103,6 +2118,7 @@ void janus_lua_hangup_media(janus_plugin_session *handle) {
 	session->bitrate = 0;
 	session->pli_freq = 0;
 	session->pli_latest = 0;
+	session->e2ee = FALSE;
 	janus_rtp_switching_context_reset(&session->rtpctx);
 
 	/* Get rid of the recipients */
diff --git a/plugins/janus_lua_data.h b/plugins/janus_lua_data.h
index 449e0adb7e..c1d50d8670 100644
--- a/plugins/janus_lua_data.h
+++ b/plugins/janus_lua_data.h
@@ -68,6 +68,7 @@ typedef struct janus_lua_session {
 	janus_recorder *arc;				/* The Janus recorder instance for audio, if enabled */
 	janus_recorder *vrc;				/* The Janus recorder instance for video, if enabled */
 	janus_recorder *drc;				/* The Janus recorder instance for data, if enabled */
+	gboolean e2ee;						/* Whether media is encrypted, e.g., using Insertable Streams */
 	janus_mutex rec_mutex;				/* Mutex to protect the recorders from race conditions */
 	volatile gint started;				/* Whether this session's PeerConnection is ready or not */
 	volatile gint dataready;			/* Whether the data channel was established on this sessions's PeerConnection */
diff --git a/plugins/janus_nosip.c b/plugins/janus_nosip.c
index 78d1c9f077..87d8ab524b 100644
--- a/plugins/janus_nosip.c
+++ b/plugins/janus_nosip.c
@@ -1320,6 +1320,13 @@ static void *janus_nosip_handler(void *data) {
 				g_snprintf(error_cause, 512, "The NoSIP plugin does not support DataChannels");
 				goto error;
 			}
+			if(json_is_true(json_object_get(msg->jsep, "e2ee"))) {
+				/* Media is encrypted, but legacy endpoints will need unencrypted media frames */
+				JANUS_LOG(LOG_ERR, "Media encryption unsupported by this plugin\n");
+				error_code = JANUS_NOSIP_ERROR_INVALID_ELEMENT;
+				g_snprintf(error_cause, 512, "Media encryption unsupported by this plugin");
+				goto error;
+			}
 			/* Check if the user provided an info string to provide context */
 			const char *info = json_string_value(json_object_get(root, "info"));
 			/* SDES-SRTP is disabled by default, let's see if we need to enable it */
diff --git a/plugins/janus_recordplay.c b/plugins/janus_recordplay.c
index 989e670173..c99ee62a35 100644
--- a/plugins/janus_recordplay.c
+++ b/plugins/janus_recordplay.c
@@ -405,6 +405,7 @@ typedef struct janus_recordplay_recording {
 	char *vfmtp;				/* Video fmtp, if any */
 	int video_pt;				/* Payload types to use for audio when playing recordings */
 	char *offer;				/* The SDP offer that will be sent to watchers */
+	gboolean e2ee;				/* Whether media in the recording is encrypted, e.g., using Insertable Streams */
 	GList *viewers;				/* List of users watching this recording */
 	volatile gint completed;	/* Whether this recording was completed or still going on */
 	volatile gint destroyed;	/* Whether this recording has been marked as destroyed */
@@ -492,10 +493,12 @@ void janus_recordplay_send_rtcp_feedback(janus_plugin_session *handle, int video
 #define AUDIO_PT		111
 #define VIDEO_PT		100
 
-/* Helper method to check which codec was used in a specific recording */
-static const char *janus_recordplay_parse_codec(const char *dir, const char *filename, char *fmtp, size_t fmtplen) {
+/* Helper method to check which codec was used in a specific recording (and if it's end-to-end encrypted) */
+static const char *janus_recordplay_parse_codec(const char *dir, const char *filename, char *fmtp, size_t fmtplen, gboolean *e2ee) {
 	if(dir == NULL || filename == NULL)
 		return NULL;
+	if(e2ee)
+		*e2ee = FALSE;
 	char source[1024];
 	if(strstr(filename, ".mjr"))
 		g_snprintf(source, 1024, "%s/%s", dir, filename);
@@ -595,6 +598,10 @@ static const char *janus_recordplay_parse_codec(const char *dir, const char *fil
 					fclose(file);
 					return NULL;
 				}
+				/* Check if the recording is end-to-end encrypted */
+				json_t *e = json_object_get(info, "e");
+				if(e2ee)
+					*e2ee = json_is_true(e);
 				/* Any fmtp? */
 				json_t *f = json_object_get(info, "f");
 				if(f && json_is_string(f) && fmtp && fmtplen > 0)
@@ -911,6 +918,8 @@ json_t *janus_recordplay_query_session(janus_plugin_session *handle) {
 		janus_refcount_increase(&session->recording->ref);
 		json_object_set_new(info, "recording_id", json_integer(session->recording->id));
 		json_object_set_new(info, "recording_name", json_string(session->recording->name));
+		if(session->recording->e2ee)
+			json_object_set_new(info, "e2ee", json_true());
 		janus_refcount_decrease(&session->recording->ref);
 	}
 	json_object_set_new(info, "hangingup", json_integer(g_atomic_int_get(&session->hangingup)));
@@ -1449,6 +1458,7 @@ static void *janus_recordplay_handler(void *data) {
 		gboolean sdp_update = FALSE;
 		if(json_object_get(msg->jsep, "update") != NULL)
 			sdp_update = json_is_true(json_object_get(msg->jsep, "update"));
+		gboolean e2ee = json_is_true(json_object_get(msg->jsep, "e2ee"));
 		const char *filename_text = NULL;
 		if(!strcasecmp(request_text, "record")) {
 			if(!msg_sdp || !msg_sdp_type || strcasecmp(msg_sdp_type, "offer")) {
@@ -1504,6 +1514,7 @@ static void *janus_recordplay_handler(void *data) {
 				audio = (session->arc != NULL);
 				video = (session->vrc != NULL);
 				sdp_update = do_update;
+				e2ee = rec->e2ee;
 				goto recdone;
 			}
 			/* If we're here, we're doing a new recording */
@@ -1540,6 +1551,7 @@ static void *janus_recordplay_handler(void *data) {
 			rec->offer = NULL;
 			rec->acodec = JANUS_AUDIOCODEC_NONE;
 			rec->vcodec = JANUS_VIDEOCODEC_NONE;
+			rec->e2ee = e2ee;
 			g_atomic_int_set(&rec->destroyed, 0);
 			g_atomic_int_set(&rec->completed, 0);
 			janus_refcount_init(&rec->ref, janus_recordplay_recording_free);
@@ -1610,6 +1622,7 @@ static void *janus_recordplay_handler(void *data) {
 			char outstr[200];
 			strftime(outstr, sizeof(outstr), "%Y-%m-%d %H:%M:%S", tmv);
 			rec->date = g_strdup(outstr);
+			/* Create the recordings */
 			if(audio) {
 				char filename[256];
 				if(filename_text != NULL) {
@@ -1618,7 +1631,11 @@ static void *janus_recordplay_handler(void *data) {
 					g_snprintf(filename, 256, "rec-%"SCNu64"-audio", id);
 				}
 				rec->arc_file = g_strdup(filename);
-				session->arc = janus_recorder_create(recordings_path, janus_audiocodec_name(rec->acodec), rec->arc_file);
+				janus_recorder *rc = janus_recorder_create(recordings_path, janus_audiocodec_name(rec->acodec), rec->arc_file);
+				/* If media is encrypted, mark it in the recording */
+				if(e2ee)
+					janus_recorder_encrypted(rc);
+				session->arc = rc;
 			}
 			if(video) {
 				char filename[256];
@@ -1628,8 +1645,12 @@ static void *janus_recordplay_handler(void *data) {
 					g_snprintf(filename, 256, "rec-%"SCNu64"-video", id);
 				}
 				rec->vrc_file = g_strdup(filename);
-				session->vrc = janus_recorder_create_full(recordings_path,
+				janus_recorder *rc = janus_recorder_create_full(recordings_path,
 					janus_videocodec_name(rec->vcodec), rec->vfmtp, rec->vrc_file);
+				/* If media is encrypted, mark it in the recording */
+				if(e2ee)
+					janus_recorder_encrypted(rc);
+				session->vrc = rc;
 			}
 			session->recorder = TRUE;
 			session->recording = rec;
@@ -1732,6 +1753,7 @@ static void *janus_recordplay_handler(void *data) {
 				id_value = rec->id;
 				session->sdp_version++;		/* This needs to be increased when it changes */
 				sdp_update = TRUE;
+				e2ee = rec->e2ee;
 				/* Let's overwrite a couple o= fields, in case this is a renegotiation */
 				char error_str[512];
 				janus_sdp *offer = janus_sdp_parse(rec->offer, error_str, sizeof(error_str));
@@ -1787,6 +1809,7 @@ static void *janus_recordplay_handler(void *data) {
 			session->recording = rec;
 			session->recorder = FALSE;
 			rec->viewers = g_list_append(rec->viewers, session);
+			e2ee = rec->e2ee;
 			/* Send this viewer the prepared offer  */
 			sdp = g_strdup(rec->offer);
 playdone:
@@ -1868,6 +1891,8 @@ static void *janus_recordplay_handler(void *data) {
 			json_t *jsep = json_pack("{ssss}", "type", type, "sdp", sdp);
 			if(sdp_update)
 				json_object_set_new(jsep, "restart", json_true());
+			if(e2ee)
+				json_object_set_new(jsep, "e2ee", json_true());
 			/* How long will the gateway take to push the event? */
 			g_atomic_int_set(&session->hangingup, 0);
 			gint64 start = janus_get_monotonic_time();
@@ -1989,24 +2014,32 @@ void janus_recordplay_update_recordings_list(void) {
 			char *ext = strstr(rec->arc_file, ".mjr");
 			if(ext != NULL)
 				*ext = '\0';
-			/* Check which codec is in this recording */
+			/* Check which codec is in this recording (and if it's end-to-end encrypted) */
+			gboolean e2ee = FALSE;
 			char fmtp[256];
 			fmtp[0] = '\0';
-			rec->acodec = janus_audiocodec_from_name(janus_recordplay_parse_codec(recordings_path, rec->arc_file, fmtp, sizeof(fmtp)));
+			rec->acodec = janus_audiocodec_from_name(janus_recordplay_parse_codec(recordings_path,
+				rec->arc_file, fmtp, sizeof(fmtp), &e2ee));
 			if(strlen(fmtp) > 0)
 				rec->afmtp = g_strdup(fmtp);
+			if(e2ee)
+				rec->e2ee = TRUE;
 		}
 		if(video && video->value) {
 			rec->vrc_file = g_strdup(video->value);
 			char *ext = strstr(rec->vrc_file, ".mjr");
 			if(ext != NULL)
 				*ext = '\0';
-			/* Check which codec is in this recording */
+			/* Check which codec is in this recording (and if it's end-to-end encrypted) */
+			gboolean e2ee = FALSE;
 			char fmtp[256];
 			fmtp[0] = '\0';
-			rec->vcodec = janus_videocodec_from_name(janus_recordplay_parse_codec(recordings_path, rec->vrc_file, fmtp, sizeof(fmtp)));
+			rec->vcodec = janus_videocodec_from_name(janus_recordplay_parse_codec(recordings_path,
+				rec->vrc_file, fmtp, sizeof(fmtp), &e2ee));
 			if(strlen(fmtp) > 0)
 				rec->vfmtp = g_strdup(fmtp);
+			if(e2ee)
+				rec->e2ee = TRUE;
 		}
 		rec->audio_pt = AUDIO_PT;
 		if(rec->acodec != JANUS_AUDIOCODEC_NONE) {
diff --git a/plugins/janus_sip.c b/plugins/janus_sip.c
index 5d37d61f89..1f25304250 100644
--- a/plugins/janus_sip.c
+++ b/plugins/janus_sip.c
@@ -3218,6 +3218,13 @@ static void *janus_sip_handler(void *data) {
 				g_snprintf(error_cause, 512, "Missing SDP");
 				goto error;
 			}
+			if(json_is_true(json_object_get(msg->jsep, "e2ee"))) {
+				/* Media is encrypted, but SIP endpoints will need unencrypted media frames */
+				JANUS_LOG(LOG_ERR, "Media encryption unsupported by this plugin\n");
+				error_code = JANUS_SIP_ERROR_INVALID_ELEMENT;
+				g_snprintf(error_cause, 512, "Media encryption unsupported by this plugin");
+				goto error;
+			}
 			if(strstr(msg_sdp, "m=application")) {
 				JANUS_LOG(LOG_ERR, "The SIP plugin does not support DataChannels\n");
 				error_code = JANUS_SIP_ERROR_MISSING_SDP;
@@ -3490,6 +3497,13 @@ static void *janus_sip_handler(void *data) {
 				g_snprintf(error_cause, 512, "Missing SDP");
 				goto error;
 			}
+			if(json_is_true(json_object_get(msg->jsep, "e2ee"))) {
+				/* Media is encrypted, but SIP endpoints will need unencrypted media frames */
+				JANUS_LOG(LOG_ERR, "Media encryption unsupported by this plugin\n");
+				error_code = JANUS_SIP_ERROR_INVALID_ELEMENT;
+				g_snprintf(error_cause, 512, "Media encryption unsupported by this plugin");
+				goto error;
+			}
 			/* Accept a call from another peer */
 			JANUS_LOG(LOG_VERB, "We're accepting the call from %s\n", session->callee);
 			gboolean answer = !strcasecmp(msg_sdp_type, "answer");
@@ -3646,6 +3660,13 @@ static void *janus_sip_handler(void *data) {
 				g_snprintf(error_cause, 512, "Missing SDP update");
 				goto error;
 			}
+			if(json_is_true(json_object_get(msg->jsep, "e2ee"))) {
+				/* Media is encrypted, but SIP endpoints will need unencrypted media frames */
+				JANUS_LOG(LOG_ERR, "Media encryption unsupported by this plugin\n");
+				error_code = JANUS_SIP_ERROR_INVALID_ELEMENT;
+				g_snprintf(error_cause, 512, "Media encryption unsupported by this plugin");
+				goto error;
+			}
 			const char *msg_sdp_type = json_string_value(json_object_get(msg->jsep, "type"));
 			gboolean offer = !strcasecmp(msg_sdp_type, "offer");
 			if(!offer && session->status == janus_sip_call_status_incall) {
diff --git a/plugins/janus_streaming.c b/plugins/janus_streaming.c
index d249c856f6..716a725c80 100644
--- a/plugins/janus_streaming.c
+++ b/plugins/janus_streaming.c
@@ -125,6 +125,15 @@ feed the mountpoint, as you may risk getting SRTP decrypt errors:
 srtpsuite = 32
 srtpcrypto = WbTBosdVUZqEb6Htqhn+m3z7wUh4RJVR8nE15GbN
 
+The Streaming plugin can also be used to (re)stream media that has been
+encrypted using something that can be consumed via Insertable Streams.
+In that case, we only need to be aware of it, so that we can send the
+info along with the SDP. How to decrypt the media is out of scope, and
+up to the application since, again, this is end-to-end encryption and
+so neither Janus nor the Streaming plugin have access to anything.
+DO NOT SET THIS PROPERTY IF YOU DON'T KNOW WHAT YOU'RE DOING!
+e2ee = true
+
 The following options are only valid for the 'rstp' type:
 url = RTSP stream URL
 rtsp_user = RTSP authorization username, if needed
@@ -825,7 +834,8 @@ static struct janus_json_parameter rtp_parameters[] = {
 	{"collision", JSON_INTEGER, JANUS_JSON_PARAM_POSITIVE},
 	{"threads", JSON_INTEGER, JANUS_JSON_PARAM_POSITIVE},
 	{"srtpsuite", JSON_INTEGER, JANUS_JSON_PARAM_POSITIVE},
-	{"srtpcrypto", JSON_STRING, 0}
+	{"srtpcrypto", JSON_STRING, 0},
+	{"e2ee", JANUS_JSON_BOOL, 0}
 };
 static struct janus_json_parameter live_parameters[] = {
 	{"filename", JSON_STRING, JANUS_JSON_PARAM_REQUIRED},
@@ -1068,12 +1078,14 @@ typedef struct janus_streaming_rtp_source {
 	janus_network_address audio_iface;
 	janus_network_address video_iface;
 	janus_network_address data_iface;
-	/* Only needed for SRTP forwarders */
+	/* Only needed for SRTP support */
 	gboolean is_srtp;
 	int srtpsuite;
 	char *srtpcrypto;
 	srtp_t srtp_ctx;
 	srtp_policy_t srtp_policy;
+	/* If the media is end-to-end encrypted, we may need to know */
+	gboolean e2ee;
 } janus_streaming_rtp_source;
 
 typedef struct janus_streaming_file_source {
@@ -1155,7 +1167,7 @@ static void janus_streaming_helper_rtprtcp_packet(gpointer data, gpointer user_d
 /* Helper to create an RTP live source (e.g., from gstreamer/ffmpeg/vlc/etc.) */
 janus_streaming_mountpoint *janus_streaming_create_rtp_source(
 		uint64_t id, char *id_str, char *name, char *desc, char *metadata,
-		int srtpsuite, char *srtpcrypto, int threads,
+		int srtpsuite, char *srtpcrypto, int threads, gboolean e2ee,
 		gboolean doaudio, gboolean doaudiortcp, char *amcast, const janus_network_address *aiface,
 			uint16_t aport, uint16_t artcpport, uint8_t acodec, char *artpmap, char *afmtp, gboolean doaskew,
 		gboolean dovideo, gboolean dovideortcp, char *vmcast, const janus_network_address *viface,
@@ -1201,6 +1213,8 @@ typedef struct janus_streaming_session {
 	int spatial_layer, target_spatial_layer;
 	gint64 last_spatial_layer[3];
 	int temporal_layer, target_temporal_layer;
+	/* If the media is end-to-end encrypted, we may need to know */
+	gboolean e2ee;
 	janus_mutex mutex;
 	volatile gint dataready;
 	volatile gint stopping;
@@ -1729,6 +1743,7 @@ int janus_streaming_init(janus_callbacks *callback, const char *config_path) {
 				janus_config_item *threads = janus_config_get(config, cat, janus_config_type_item, "threads");
 				janus_config_item *ssuite = janus_config_get(config, cat, janus_config_type_item, "srtpsuite");
 				janus_config_item *scrypto = janus_config_get(config, cat, janus_config_type_item, "srtpcrypto");
+				janus_config_item *e2ee = janus_config_get(config, cat, janus_config_type_item, "e2ee");
 				gboolean is_private = priv && priv->value && janus_is_true(priv->value);
 				gboolean doaudio = audio && audio->value && janus_is_true(audio->value);
 				gboolean doaskew = audio && askew && askew->value && janus_is_true(askew->value);
@@ -1884,7 +1899,8 @@ int janus_streaming_init(janus_callbacks *callback, const char *config_path) {
 						md ? (char *)md->value : NULL,
 						ssuite && ssuite->value ? atoi(ssuite->value) : 0,
 						scrypto && scrypto->value ? (char *)scrypto->value : NULL,
-						(threads && threads->value) ?  atoi(threads->value) : 0,
+						(threads && threads->value) ? atoi(threads->value) : 0,
+						(e2ee && e2ee->value) ? janus_is_true(e2ee->value) : FALSE,
 						doaudio, doaudiortcp,
 						amcast ? (char *)amcast->value : NULL,
 						doaudio && aiface && aiface->value ? &audio_iface : NULL,
@@ -2349,6 +2365,9 @@ json_t *janus_streaming_query_session(janus_plugin_session *handle) {
 		}
 		janus_refcount_decrease(&mp->ref);
 	}
+	if(session->e2ee)
+		json_object_set_new(info, "e2ee", json_true());
+	json_object_set_new(info, "hangingup", json_integer(g_atomic_int_get(&session->hangingup)));
 	json_object_set_new(info, "started", json_integer(g_atomic_int_get(&session->started)));
 	json_object_set_new(info, "dataready", json_integer(g_atomic_int_get(&session->dataready)));
 	json_object_set_new(info, "paused", json_integer(g_atomic_int_get(&session->paused)));
@@ -2710,6 +2729,7 @@ static json_t *janus_streaming_process_synchronous_request(janus_streaming_sessi
 			json_t *threads = json_object_get(root, "threads");
 			json_t *ssuite = json_object_get(root, "srtpsuite");
 			json_t *scrypto = json_object_get(root, "srtpcrypto");
+			json_t *e2ee = json_object_get(root, "e2ee");
 			gboolean doaudio = audio ? json_is_true(audio) : FALSE, doaudiortcp = FALSE;
 			gboolean dovideo = video ? json_is_true(video) : FALSE, dovideortcp = FALSE;
 			gboolean dodata = data ? json_is_true(data) : FALSE;
@@ -2906,6 +2926,7 @@ static json_t *janus_streaming_process_synchronous_request(janus_streaming_sessi
 					ssuite ? json_integer_value(ssuite) : 0,
 					scrypto ? (char *)json_string_value(scrypto) : NULL,
 					threads ? json_integer_value(threads) : 0,
+					e2ee ? json_is_true(e2ee) : FALSE,
 					doaudio, doaudiortcp, amcast, &audio_iface, aport, artcpport, acodec, artpmap, afmtp, doaskew,
 					dovideo, dovideortcp, vmcast, &video_iface, vport, vrtcpport, vcodec, vrtpmap, vfmtp, bufferkf,
 					simulcast, vport2, vport3, dosvc, dovskew,
@@ -3915,6 +3936,9 @@ static json_t *janus_streaming_process_synchronous_request(janus_streaming_sessi
 					g_snprintf(error_cause, 512, "Error starting recorder for audio");
 					goto prepare_response;
 				}
+				/* If media is encrypted, mark it in the recording */
+				if(source->e2ee)
+					janus_recorder_encrypted(arc);
 				JANUS_LOG(LOG_INFO, "[%s] Audio recording started\n", mp->name);
 			}
 			if(video) {
@@ -3946,6 +3970,9 @@ static json_t *janus_streaming_process_synchronous_request(janus_streaming_sessi
 					g_snprintf(error_cause, 512, "Error starting recorder for video");
 					goto prepare_response;
 				}
+				/* If media is encrypted, mark it in the recording */
+				if(source->e2ee)
+					janus_recorder_encrypted(vrc);
 				JANUS_LOG(LOG_INFO, "[%s] Video recording started\n", mp->name);
 			}
 			if(data) {
@@ -4451,6 +4478,7 @@ static void janus_streaming_hangup_media_internal(janus_plugin_session *handle)
 	session->last_spatial_layer[2] = 0;
 	session->temporal_layer = -1;
 	session->target_temporal_layer = 2;	/* FIXME Chrome sends 0, 1 and 2 */
+	session->e2ee = FALSE;
 	janus_mutex_lock(&session->mutex);
 	janus_streaming_mountpoint *mp = session->mountpoint;
 	session->mountpoint = NULL;
@@ -4780,6 +4808,9 @@ static void *janus_streaming_handler(void *data) {
 							session->target_temporal_layer, session->temporal_layer);
 					}
 				}
+				/* If this mountpoint is broadcasting end-to-end encrypted media,
+				 * add the info to the JSEP offer we'll be sending them */
+				session->e2ee = source->e2ee;
 			}
 			janus_refcount_increase(&session->ref);
 done:
@@ -5229,6 +5260,8 @@ static void *janus_streaming_handler(void *data) {
 		json_t *jsep = json_pack("{ssss}", "type", sdp_type, "sdp", sdp);
 		if(do_restart)
 			json_object_set_new(jsep, "restart", json_true());
+		if(session->e2ee)
+			json_object_set_new(jsep, "e2ee", json_true());
 		json_t *event = json_object();
 		json_object_set_new(event, "streaming", json_string("event"));
 		if(result != NULL)
@@ -5555,7 +5588,7 @@ static void janus_streaming_file_source_free(janus_streaming_file_source *source
 /* Helper to create an RTP live source (e.g., from gstreamer/ffmpeg/vlc/etc.) */
 janus_streaming_mountpoint *janus_streaming_create_rtp_source(
 		uint64_t id, char *id_str, char *name, char *desc, char *metadata,
-		int srtpsuite, char *srtpcrypto, int threads,
+		int srtpsuite, char *srtpcrypto, int threads, gboolean e2ee,
 		gboolean doaudio, gboolean doaudiortcp, char *amcast, const janus_network_address *aiface, uint16_t aport, uint16_t artcpport, uint8_t acodec, char *artpmap, char *afmtp, gboolean doaskew,
 		gboolean dovideo, gboolean dovideortcp, char *vmcast, const janus_network_address *viface, uint16_t vport, uint16_t vrtcpport, uint8_t vcodec, char *vrtpmap, char *vfmtp, gboolean bufferkf,
 			gboolean simulcast, uint16_t vport2, uint16_t vport3, gboolean svc, gboolean dovskew, int rtp_collision,
@@ -5846,6 +5879,7 @@ janus_streaming_mountpoint *janus_streaming_create_rtp_source(
 		live_rtp_source->srtpsuite = srtpsuite;
 		live_rtp_source->srtpcrypto = g_strdup(srtpcrypto);
 	}
+	live_rtp_source->e2ee = e2ee;
 	live_rtp_source->audio_mcast = doaudio ? (amcast ? inet_addr(amcast) : INADDR_ANY) : INADDR_ANY;
 	live_rtp_source->audio_iface = doaudio && !janus_network_address_is_null(aiface) ? *aiface : nil;
 	live_rtp_source->audio_port = doaudio ? aport : -1;
diff --git a/plugins/janus_videocall.c b/plugins/janus_videocall.c
index 4bba2b7b3f..fd7f7e4f2c 100644
--- a/plugins/janus_videocall.c
+++ b/plugins/janus_videocall.c
@@ -385,6 +385,7 @@ typedef struct janus_videocall_session {
 	janus_recorder *arc;	/* The Janus recorder instance for this user's audio, if enabled */
 	janus_recorder *vrc;	/* The Janus recorder instance for this user's video, if enabled */
 	janus_recorder *drc;	/* The Janus recorder instance for this user's data, if enabled */
+	gboolean e2ee;			/* Whether media is encrypted, e.g., using Insertable Streams */
 	janus_mutex rec_mutex;	/* Mutex to protect the recorders from race conditions */
 	volatile gint incall;
 	volatile gint dataready;
@@ -684,6 +685,8 @@ json_t *janus_videocall_query_session(janus_plugin_session *handle) {
 		json_object_set_new(info, "recording", recording);
 	}
 	json_object_set_new(info, "incall", json_integer(g_atomic_int_get(&session->incall)));
+	if(session->e2ee)
+		json_object_set_new(info, "e2ee", json_true());
 	json_object_set_new(info, "hangingup", json_integer(g_atomic_int_get(&session->hangingup)));
 	json_object_set_new(info, "destroyed", json_integer(g_atomic_int_get(&session->destroyed)));
 	janus_refcount_decrease(&session->ref);
@@ -1024,6 +1027,7 @@ static void janus_videocall_hangup_media_internal(janus_plugin_session *handle)
 	session->vcodec = JANUS_VIDEOCODEC_NONE;
 	session->bitrate = 0;
 	session->peer_bitrate = 0;
+	session->e2ee = FALSE;
 	int i=0;
 	for(i=0; i<3; i++) {
 		session->ssrc[i] = 0;
@@ -1091,6 +1095,9 @@ static void *janus_videocall_handler(void *data) {
 			goto error;
 		const char *msg_sdp_type = json_string_value(json_object_get(msg->jsep, "type"));
 		const char *msg_sdp = json_string_value(json_object_get(msg->jsep, "sdp"));
+		json_t *msg_e2ee = json_object_get(msg->jsep, "e2ee");
+		if(json_is_true(msg_e2ee))
+			session->e2ee = TRUE;
 		json_t *request = json_object_get(root, "request");
 		const char *request_text = json_string_value(request);
 		json_t *result = NULL;
@@ -1288,6 +1295,8 @@ static void *janus_videocall_handler(void *data) {
 				json_object_set_new(calling, "username", json_string(session->username));
 				json_object_set_new(call, "result", calling);
 				json_t *jsep = json_pack("{ssss}", "type", msg_sdp_type, "sdp", msg_sdp);
+				if(session->e2ee)
+					json_object_set_new(jsep, "e2ee", json_true());
 				g_atomic_int_set(&session->hangingup, 0);
 				int ret = gateway->push_event(peer->handle, &janus_videocall_plugin, NULL, call, jsep);
 				JANUS_LOG(LOG_VERB, "  >> Pushing event to peer: %d (%s)\n", ret, janus_get_api_error(ret));
@@ -1377,6 +1386,8 @@ static void *janus_videocall_handler(void *data) {
 			janus_sdp_destroy(answer);
 			/* Send SDP to our peer */
 			json_t *jsep = json_pack("{ssss}", "type", msg_sdp_type, "sdp", msg_sdp);
+			if(session->e2ee)
+				json_object_set_new(jsep, "e2ee", json_true());
 			json_t *call = json_object();
 			json_object_set_new(call, "videocall", json_string("event"));
 			json_t *calling = json_object();
@@ -1529,7 +1540,8 @@ static void *janus_videocall_handler(void *data) {
 					char filename[255];
 					gint64 now = janus_get_real_time();
 					if(session->has_audio) {
-						/* FIXME We assume we're recording Opus, here */
+						/* Prepare an audio recording */
+						janus_recorder *rc = NULL;
 						memset(filename, 0, 255);
 						if(recording_base) {
 							/* Use the filename and path we have been provided */
@@ -1551,9 +1563,14 @@ static void *janus_videocall_handler(void *data) {
 								JANUS_LOG(LOG_ERR, "Couldn't open an audio recording file for this VideoCall user!\n");
 							}
 						}
+						/* If media is encrypted, mark it in the recording */
+						if(session->e2ee)
+							janus_recorder_encrypted(rc);
+						session->arc = rc;
 					}
 					if(session->has_video) {
-						/* FIXME We assume we're recording VP8, here */
+						/* Prepare a video recording */
+						janus_recorder *rc = NULL;
 						memset(filename, 0, 255);
 						if(recording_base) {
 							/* Use the filename and path we have been provided */
@@ -1578,14 +1595,20 @@ static void *janus_videocall_handler(void *data) {
 						/* Send a PLI */
 						JANUS_LOG(LOG_VERB, "Recording video, sending a PLI to kickstart it\n");
 						gateway->send_pli(session->handle);
+						/* If media is encrypted, mark it in the recording */
+						if(session->e2ee)
+							janus_recorder_encrypted(rc);
+						session->vrc = rc;
 					}
 					if(session->has_data) {
+						/* Prepare a data recording */
+						janus_recorder *rc = NULL;
 						memset(filename, 0, 255);
 						if(recording_base) {
 							/* Use the filename and path we have been provided */
 							g_snprintf(filename, 255, "%s-data", recording_base);
-							session->drc = janus_recorder_create(NULL, "text", filename);
-							if(session->drc == NULL) {
+							rc = janus_recorder_create(NULL, "text", filename);
+							if(rc == NULL) {
 								/* FIXME We should notify the fact the recorder could not be created */
 								JANUS_LOG(LOG_ERR, "Couldn't open a data recording file for this VideoCall user!\n");
 							}
@@ -1595,12 +1618,14 @@ static void *janus_videocall_handler(void *data) {
 								session->username ? session->username : "unknown",
 								(peer && peer->username) ? peer->username : "unknown",
 								now);
-							session->drc = janus_recorder_create(NULL, "text", filename);
-							if(session->drc == NULL) {
+							rc = janus_recorder_create(NULL, "text", filename);
+							if(rc == NULL) {
 								/* FIXME We should notify the fact the recorder could not be created */
 								JANUS_LOG(LOG_ERR, "Couldn't open a data recording file for this VideoCall user!\n");
 							}
 						}
+						/* Media encryption doesn't apply to data channels */
+						session->drc = rc;
 					}
 				}
 				janus_mutex_unlock(&session->rec_mutex);
diff --git a/plugins/janus_videoroom.c b/plugins/janus_videoroom.c
index 98bc3e67d5..1b1eb6554d 100644
--- a/plugins/janus_videoroom.c
+++ b/plugins/janus_videoroom.c
@@ -88,6 +88,8 @@ room-<unique room ID>: {
 				new feeds (publishers), and enabling this may result extra notification
 				traffic. This flag is particularly useful when enabled with \c require_pvtid
 				for admin to manage listening only participants. default=false)
+	require_e2ee = true|false (whether all participants are required to publish and subscribe
+				using end-to-end media encryption, e.g., via Insertable Streams; default=false)
 }
 \endverbatim
  *
@@ -1210,6 +1212,7 @@ static struct janus_json_parameter create_parameters[] = {
 	{"lock_record", JANUS_JSON_BOOL, 0},
 	{"permanent", JANUS_JSON_BOOL, 0},
 	{"notify_joining", JANUS_JSON_BOOL, 0},
+	{"require_e2ee", JANUS_JSON_BOOL, 0}
 };
 static struct janus_json_parameter edit_parameters[] = {
 	{"secret", JSON_STRING, 0},
@@ -1404,6 +1407,7 @@ typedef struct janus_videoroom {
 	gchar *room_pin;			/* Password needed to join this room, if any */
 	gboolean is_private;		/* Whether this room is 'private' (as in hidden) or not */
 	gboolean require_pvtid;		/* Whether subscriptions in this room require a private_id */
+	gboolean require_e2ee;		/* Whether end-to-end encrypted publishers are required */
 	int max_publishers;			/* Maximum number of concurrent publishers */
 	uint32_t bitrate;			/* Global bitrate limit */
 	gboolean bitrate_cap;		/* Whether the above limit is insormountable */
@@ -1589,6 +1593,7 @@ typedef struct janus_videoroom_publisher {
 	janus_mutex rtp_forwarders_mutex;
 	int udp_sock; /* The udp socket on which to forward rtp packets */
 	gboolean kicked;	/* Whether this participant has been kicked */
+	gboolean e2ee;		/* If media from this publisher is end-to-end encrypted */
 	volatile gint destroyed;
 	janus_refcount ref;
 } janus_videoroom_publisher;
@@ -1619,6 +1624,7 @@ typedef struct janus_videoroom_subscriber {
 	int spatial_layer, target_spatial_layer;
 	gint64 last_spatial_layer[3];
 	int temporal_layer, target_temporal_layer;
+	gboolean e2ee;		/* If media for this subscriber is end-to-end encrypted */
 	volatile gint destroyed;
 	janus_refcount ref;
 } janus_videoroom_subscriber;
@@ -2134,6 +2140,7 @@ int janus_videoroom_init(janus_callbacks *callback, const char *config_path) {
 			janus_config_item *playoutdelay_ext = janus_config_get(config, cat, janus_config_type_item, "playoutdelay_ext");
 			janus_config_item *transport_wide_cc_ext = janus_config_get(config, cat, janus_config_type_item, "transport_wide_cc_ext");
 			janus_config_item *notify_joining = janus_config_get(config, cat, janus_config_type_item, "notify_joining");
+			janus_config_item *req_e2ee = janus_config_get(config, cat, janus_config_type_item, "require_e2ee");
 			janus_config_item *record = janus_config_get(config, cat, janus_config_type_item, "record");
 			janus_config_item *rec_dir = janus_config_get(config, cat, janus_config_type_item, "rec_dir");
 			janus_config_item *lock_record = janus_config_get(config, cat, janus_config_type_item, "lock_record");
@@ -2186,6 +2193,7 @@ int janus_videoroom_init(janus_callbacks *callback, const char *config_path) {
 			}
 			videoroom->is_private = priv && priv->value && janus_is_true(priv->value);
 			videoroom->require_pvtid = req_pvtid && req_pvtid->value && janus_is_true(req_pvtid->value);
+			videoroom->require_e2ee = req_e2ee && req_e2ee->value && janus_is_true(req_e2ee->value);
 			videoroom->max_publishers = 3;	/* FIXME How should we choose a default? */
 			if(maxp != NULL && maxp->value != NULL)
 				videoroom->max_publishers = atol(maxp->value);
@@ -2348,6 +2356,9 @@ int janus_videoroom_init(janus_callbacks *callback, const char *config_path) {
 				JANUS_LOG(LOG_VERB, "  -- Room is going to be recorded in %s\n",
 					videoroom->rec_dir ? videoroom->rec_dir : "the current folder");
 			}
+			if(videoroom->require_e2ee) {
+				JANUS_LOG(LOG_VERB, "  -- All publishers MUST use end-to-end encryption\n");
+			}
 			cl = cl->next;
 		}
 		/* Done: we keep the configuration file open in case we get a "create" or "destroy" with permanent=true */
@@ -2709,6 +2720,8 @@ json_t *janus_videoroom_query_session(janus_plugin_session *handle) {
 					json_object_set_new(info, "audio-level-dBov", json_integer(participant->audio_dBov_level));
 					json_object_set_new(info, "talking", participant->talking ? json_true() : json_false());
 				}
+				if(participant->e2ee)
+					json_object_set_new(info, "e2ee", json_true());
 				janus_refcount_decrease(&participant->ref);
 			}
 		} else if(session->participant_type == janus_videoroom_p_type_subscriber) {
@@ -2751,6 +2764,8 @@ json_t *janus_videoroom_query_session(janus_plugin_session *handle) {
 					json_object_set_new(svc, "target-temporal-layer", json_integer(participant->target_temporal_layer));
 					json_object_set_new(info, "svc", svc);
 				}
+				if(participant->e2ee)
+					json_object_set_new(info, "e2ee", json_true());
 			}
 		}
 	}
@@ -2863,6 +2878,7 @@ static json_t *janus_videoroom_process_synchronous_request(janus_videoroom_sessi
 		json_t *desc = json_object_get(root, "description");
 		json_t *is_private = json_object_get(root, "is_private");
 		json_t *req_pvtid = json_object_get(root, "require_pvtid");
+		json_t *req_e2ee = json_object_get(root, "require_e2ee");
 		json_t *secret = json_object_get(root, "secret");
 		json_t *pin = json_object_get(root, "pin");
 		json_t *bitrate = json_object_get(root, "bitrate");
@@ -3023,6 +3039,7 @@ static json_t *janus_videoroom_process_synchronous_request(janus_videoroom_sessi
 		videoroom->room_name = description;
 		videoroom->is_private = is_private ? json_is_true(is_private) : FALSE;
 		videoroom->require_pvtid = req_pvtid ? json_is_true(req_pvtid) : FALSE;
+		videoroom->require_e2ee = req_e2ee ? json_is_true(req_e2ee) : FALSE;
 		if(secret)
 			videoroom->room_secret = g_strdup(json_string_value(secret));
 		if(pin)
@@ -3182,6 +3199,9 @@ static json_t *janus_videoroom_process_synchronous_request(janus_videoroom_sessi
 		if(videoroom->record) {
 			JANUS_LOG(LOG_VERB, "  -- Room is going to be recorded in %s\n", videoroom->rec_dir ? videoroom->rec_dir : "the current folder");
 		}
+		if(videoroom->require_e2ee) {
+			JANUS_LOG(LOG_VERB, "  -- All publishers MUST use end-to-end encryption\n");
+		}
 		if(save) {
 			/* This room is permanent: save to the configuration file too
 			 * FIXME: We should check if anything fails... */
@@ -3197,6 +3217,8 @@ static json_t *janus_videoroom_process_synchronous_request(janus_videoroom_sessi
 				janus_config_add(config, c, janus_config_item_create("is_private", "yes"));
 			if(videoroom->require_pvtid)
 				janus_config_add(config, c, janus_config_item_create("require_pvtid", "yes"));
+			if(videoroom->require_e2ee)
+				janus_config_add(config, c, janus_config_item_create("require_e2ee", "yes"));
 			g_snprintf(value, BUFSIZ, "%"SCNu32, videoroom->bitrate);
 			janus_config_add(config, c, janus_config_item_create("bitrate", value));
 			if(videoroom->bitrate_cap)
@@ -3377,6 +3399,8 @@ static json_t *janus_videoroom_process_synchronous_request(janus_videoroom_sessi
 				janus_config_add(config, c, janus_config_item_create("is_private", "yes"));
 			if(videoroom->require_pvtid)
 				janus_config_add(config, c, janus_config_item_create("require_pvtid", "yes"));
+			if(videoroom->require_e2ee)
+				janus_config_add(config, c, janus_config_item_create("require_e2ee", "yes"));
 			g_snprintf(value, BUFSIZ, "%"SCNu32, videoroom->bitrate);
 			janus_config_add(config, c, janus_config_item_create("bitrate", value));
 			if(videoroom->bitrate_cap)
@@ -3590,6 +3614,7 @@ static json_t *janus_videoroom_process_synchronous_request(janus_videoroom_sessi
 					json_object_set_new(rl, "bitrate_cap", json_true());
 				json_object_set_new(rl, "fir_freq", json_integer(room->fir_freq));
 				json_object_set_new(rl, "require_pvtid", room->require_pvtid ? json_true() : json_false());
+				json_object_set_new(rl, "require_e2ee", room->require_e2ee ? json_true() : json_false());
 				json_object_set_new(rl, "notify_joining", room->notify_joining ? json_true() : json_false());
 				char audio_codecs[100];
 				char video_codecs[100];
@@ -5276,27 +5301,32 @@ void janus_videoroom_slow_link(janus_plugin_session *handle, int uplink, int vid
 
 static void janus_videoroom_recorder_create(janus_videoroom_publisher *participant, gboolean audio, gboolean video, gboolean data) {
 	char filename[255];
+	janus_recorder *rc = NULL;
 	gint64 now = janus_get_real_time();
 	if(audio && participant->arc == NULL) {
 		memset(filename, 0, 255);
 		if(participant->recording_base) {
 			/* Use the filename and path we have been provided */
 			g_snprintf(filename, 255, "%s-audio", participant->recording_base);
-			participant->arc = janus_recorder_create(participant->room->rec_dir,
+			rc = janus_recorder_create(participant->room->rec_dir,
 				janus_audiocodec_name(participant->acodec), filename);
-			if(participant->arc == NULL) {
+			if(rc == NULL) {
 				JANUS_LOG(LOG_ERR, "Couldn't open an audio recording file for this publisher!\n");
 			}
 		} else {
 			/* Build a filename */
 			g_snprintf(filename, 255, "videoroom-%s-user-%s-%"SCNi64"-audio",
 				participant->room_id_str, participant->user_id_str, now);
-			participant->arc = janus_recorder_create(participant->room->rec_dir,
+			rc = janus_recorder_create(participant->room->rec_dir,
 				janus_audiocodec_name(participant->acodec), filename);
-			if(participant->arc == NULL) {
+			if(rc == NULL) {
 				JANUS_LOG(LOG_ERR, "Couldn't open an audio recording file for this publisher!\n");
 			}
 		}
+		/* If media is encrypted, mark it in the recording */
+		if(participant->e2ee)
+			janus_recorder_encrypted(rc);
+		participant->arc = rc;
 	}
 	if(video && participant->vrc == NULL) {
 		janus_rtp_switching_context_reset(&participant->rec_ctx);
@@ -5307,42 +5337,48 @@ static void janus_videoroom_recorder_create(janus_videoroom_publisher *participa
 		if(participant->recording_base) {
 			/* Use the filename and path we have been provided */
 			g_snprintf(filename, 255, "%s-video", participant->recording_base);
-			participant->vrc = janus_recorder_create_full(participant->room->rec_dir,
+			rc = janus_recorder_create_full(participant->room->rec_dir,
 				janus_videocodec_name(participant->vcodec), participant->vfmtp, filename);
-			if(participant->vrc == NULL) {
+			if(rc == NULL) {
 				JANUS_LOG(LOG_ERR, "Couldn't open an video recording file for this publisher!\n");
 			}
 		} else {
 			/* Build a filename */
 			g_snprintf(filename, 255, "videoroom-%s-user-%s-%"SCNi64"-video",
 				participant->room_id_str, participant->user_id_str, now);
-			participant->vrc = janus_recorder_create_full(participant->room->rec_dir,
+			rc = janus_recorder_create_full(participant->room->rec_dir,
 				janus_videocodec_name(participant->vcodec), participant->vfmtp, filename);
-			if(participant->vrc == NULL) {
+			if(rc == NULL) {
 				JANUS_LOG(LOG_ERR, "Couldn't open an video recording file for this publisher!\n");
 			}
 		}
+		/* If media is encrypted, mark it in the recording */
+		if(participant->e2ee)
+			janus_recorder_encrypted(rc);
+		participant->vrc = rc;
 	}
 	if(data && participant->drc == NULL) {
 		memset(filename, 0, 255);
 		if(participant->recording_base) {
 			/* Use the filename and path we have been provided */
 			g_snprintf(filename, 255, "%s-data", participant->recording_base);
-			participant->drc = janus_recorder_create(participant->room->rec_dir,
+			rc = janus_recorder_create(participant->room->rec_dir,
 				"text", filename);
-			if(participant->drc == NULL) {
+			if(rc == NULL) {
 				JANUS_LOG(LOG_ERR, "Couldn't open an data recording file for this publisher!\n");
 			}
 		} else {
 			/* Build a filename */
 			g_snprintf(filename, 255, "videoroom-%s-user-%s-%"SCNi64"-data",
 				participant->room_id_str, participant->user_id_str, now);
-			participant->drc = janus_recorder_create(participant->room->rec_dir,
+			rc = janus_recorder_create(participant->room->rec_dir,
 				"text", filename);
-			if(participant->drc == NULL) {
+			if(rc == NULL) {
 				JANUS_LOG(LOG_ERR, "Couldn't open an data recording file for this publisher!\n");
 			}
 		}
+		/* Media encryption doesn't apply to data channels */
+		participant->drc = rc;
 	}
 }
 
@@ -5479,6 +5515,7 @@ static void janus_videoroom_hangup_media_internal(janus_plugin_session *handle)
 				janus_videoroom_hangup_subscriber(s);
 			}
 		}
+		participant->e2ee = FALSE;
 		janus_mutex_unlock(&participant->subscribers_mutex);
 		janus_videoroom_leave_or_unpublish(participant, FALSE, FALSE);
 		janus_refcount_decrease(&participant->ref);
@@ -5505,6 +5542,7 @@ static void janus_videoroom_hangup_media_internal(janus_plugin_session *handle)
 				janus_videoroom_hangup_subscriber(subscriber);
 				janus_mutex_unlock(&publisher->subscribers_mutex);
 			}
+			subscriber->e2ee = FALSE;
 		}
 		/* TODO Should we close the handle as well? */
 	}
@@ -6016,6 +6054,7 @@ static void *janus_videoroom_handler(void *data) {
 					subscriber->room = videoroom;
 					videoroom = NULL;
 					subscriber->feed = publisher;
+					subscriber->e2ee = publisher->e2ee;
 					subscriber->pvt_id = pvt_id;
 					subscriber->close_pc = close_pc;
 					/* Initialize the subscriber context */
@@ -6114,6 +6153,8 @@ static void *janus_videoroom_handler(void *data) {
 						char* sdp = janus_sdp_write(offer);
 						json_t *jsep = json_pack("{ssss}", "type", "offer", "sdp", sdp);
 						g_free(sdp);
+						if(subscriber->e2ee)
+							json_object_set_new(jsep, "e2ee", json_true());
 						janus_mutex_unlock(&publisher->subscribers_mutex);
 						/* How long will the Janus core take to push the event? */
 						g_atomic_int_set(&session->hangingup, 0);
@@ -6699,6 +6740,8 @@ static void *janus_videoroom_handler(void *data) {
 						json_t *jsep = json_pack("{ssss}", "type", "offer", "sdp", newsdp);
 						if(do_restart)
 							json_object_set_new(jsep, "restart", json_true());
+						if(subscriber->e2ee)
+							json_object_set_new(jsep, "e2ee", json_true());
 						/* How long will the Janus core take to push the event? */
 						gint64 start = janus_get_monotonic_time();
 						int res = gateway->push_event(msg->handle, &janus_videoroom_plugin, msg->transaction, event, jsep);
@@ -6881,6 +6924,7 @@ static void *janus_videoroom_handler(void *data) {
 		const char *msg_sdp_type = json_string_value(json_object_get(msg->jsep, "type"));
 		const char *msg_sdp = json_string_value(json_object_get(msg->jsep, "sdp"));
 		json_t *msg_simulcast = json_object_get(msg->jsep, "simulcast");
+		gboolean e2ee = json_is_true(json_object_get(msg->jsep, "e2ee"));
 		if(!msg_sdp) {
 			/* No SDP to send */
 			int ret = gateway->push_event(msg->handle, &janus_videoroom_plugin, msg->transaction, event, NULL);
@@ -6955,6 +6999,15 @@ static void *janus_videoroom_handler(void *data) {
 					g_snprintf(error_cause, 512, "Maximum number of publishers (%d) already reached", videoroom->max_publishers);
 					goto error;
 				}
+				if(videoroom->require_e2ee && !e2ee && !participant->e2ee) {
+					participant->audio_active = FALSE;
+					participant->video_active = FALSE;
+					participant->data_active = FALSE;
+					JANUS_LOG(LOG_ERR, "Room requires end-to-end encrypted media\n");
+					error_code = JANUS_VIDEOROOM_ERROR_UNAUTHORIZED;
+					g_snprintf(error_cause, 512, "Room requires end-to-end encrypted media");
+					goto error;
+				}
 				/* Now prepare the SDP to give back */
 				if(strstr(msg_sdp, "mozilla") || strstr(msg_sdp, "Mozilla")) {
 					participant->firefox = TRUE;
@@ -7227,6 +7280,12 @@ static void *janus_videoroom_handler(void *data) {
 				JANUS_LOG(LOG_VERB, "Handling publisher: turned this into an '%s':\n%s\n", type, answer_sdp);
 				json_t *jsep = json_pack("{ssss}", "type", type, "sdp", answer_sdp);
 				g_free(answer_sdp);
+				if(e2ee)
+					participant->e2ee = TRUE;
+				if(participant->e2ee) {
+					JANUS_LOG(LOG_VERB, "Publisher is going to do end-to-end media encryption\n");
+					json_object_set_new(jsep, "e2ee", json_true());
+				}
 				/* How long will the Janus core take to push the event? */
 				g_atomic_int_set(&session->hangingup, 0);
 				gint64 start = janus_get_monotonic_time();
diff --git a/plugins/janus_voicemail.c b/plugins/janus_voicemail.c
index c911ed595d..8f337976c8 100644
--- a/plugins/janus_voicemail.c
+++ b/plugins/janus_voicemail.c
@@ -796,6 +796,13 @@ static void *janus_voicemail_handler(void *data) {
 			json_decref(event);
 		} else {
 			JANUS_LOG(LOG_VERB, "This is involving a negotiation (%s) as well:\n%s\n", msg_sdp_type, msg_sdp);
+			if(json_is_true(json_object_get(msg->jsep, "e2ee"))) {
+				/* Media is encrypted, but we need to save the unencrypted media frames to an .opus file */
+				JANUS_LOG(LOG_ERR, "Media encryption unsupported by this plugin\n");
+				error_code = JANUS_VOICEMAIL_ERROR_INVALID_ELEMENT;
+				g_snprintf(error_cause, 512, "Media encryption unsupported by this plugin");
+				goto error;
+			}
 			const char *type = NULL;
 			if(!strcasecmp(msg_sdp_type, "offer"))
 				type = "answer";
diff --git a/postprocessing/janus-pp-rec.c b/postprocessing/janus-pp-rec.c
index 8cd9aef3b0..7ba69adb52 100644
--- a/postprocessing/janus-pp-rec.c
+++ b/postprocessing/janus-pp-rec.c
@@ -336,6 +336,7 @@ int main(int argc, char *argv[])
 	gboolean video = FALSE, data = FALSE;
 	gboolean opus = FALSE, g711 = FALSE, g722 = FALSE,
 		vp8 = FALSE, vp9 = FALSE, h264 = FALSE, av1 = FALSE, h265 = FALSE;
+	gboolean e2ee = FALSE;
 	gint64 c_time = 0, w_time = 0;
 	int bytes = 0, skip = 0;
 	long offset = 0;
@@ -451,6 +452,10 @@ int main(int argc, char *argv[])
 					cmdline_parser_free(&args_info);
 					exit(1);
 				}
+				/* First of all let's check if this is an end-to-end encrypted recording */
+				json_t *e = json_object_get(info, "e");
+				if(e && json_is_true(e))
+					e2ee = TRUE;
 				/* Is it audio or video? */
 				json_t *type = json_object_get(info, "t");
 				if(!type || !json_is_string(type)) {
@@ -590,6 +595,8 @@ int main(int argc, char *argv[])
 					JANUS_LOG(LOG_INFO, "  -- -- fmtp: %s\n", f);
 				JANUS_LOG(LOG_INFO, "  -- Created: %"SCNi64"\n", c_time);
 				JANUS_LOG(LOG_INFO, "  -- Written: %"SCNi64"\n", w_time);
+				if(e2ee)
+					JANUS_LOG(LOG_INFO, "  -- Recording is end-to-end encrypted\n");
 				/* Save the original string as a metadata to save in the media container, if possible */
 				if(metadata == NULL)
 					metadata = g_strdup(prebuffer);
@@ -950,6 +957,17 @@ int main(int argc, char *argv[])
 		exit(0);
 	}
 
+	/* Now we have to start working: stop here if it's an end-to-end encrypted
+	 * recording, though, as the processed file would NOT be playable... In
+	 * the future we may want to provide ways for users to pass custom decrypt
+	 * functions to the processor (e.g., for users with legitimate access to
+	 * the key to decrypt the content), but at the moment we just drop it */
+	if(e2ee) {
+		JANUS_LOG(LOG_ERR, "End-to-end encrypted media recording, can't process...\n");
+		cmdline_parser_free(&args_info);
+		exit(1);
+	}
+
 	if(!video && !data && audioskew_th > 0) {
 		tmp = list;
 		janus_pp_rtp_skew_context context = {};
diff --git a/record.c b/record.c
index 4348bfc5b3..abb3d12e5f 100644
--- a/record.c
+++ b/record.c
@@ -253,6 +253,16 @@ janus_recorder *janus_recorder_create_full(const char *dir, const char *codec, c
 	return rc;
 }
 
+int janus_recorder_encrypted(janus_recorder *recorder) {
+	if(!recorder)
+		return -1;
+	if(!recorder->header) {
+		recorder->encrypted = TRUE;
+		return 0;
+	}
+	return -1;
+}
+
 int janus_recorder_save_frame(janus_recorder *recorder, char *buffer, uint length) {
 	if(!recorder)
 		return -1;
@@ -287,6 +297,9 @@ int janus_recorder_save_frame(janus_recorder *recorder, char *buffer, uint lengt
 			json_object_set_new(info, "f", json_string(recorder->fmtp));				/* Codec-specific info */
 		json_object_set_new(info, "s", json_integer(recorder->created));				/* Created time */
 		json_object_set_new(info, "u", json_integer(janus_get_real_time()));			/* First frame written time */
+		/* If media will be end-to-end encrypted, mark it in the recording header */
+		if(recorder->encrypted)
+			json_object_set_new(info, "e", json_true());
 		gchar *info_text = json_dumps(info, JSON_PRESERVE_ORDER);
 		json_decref(info);
 		uint16_t info_bytes = htons(strlen(info_text));
diff --git a/record.h b/record.h
index 1dd26bd7ba..6a4337b2a3 100644
--- a/record.h
+++ b/record.h
@@ -52,6 +52,8 @@ typedef struct janus_recorder {
 	gint64 created, started;
 	/*! \brief Media this instance is recording */
 	janus_recorder_medium type;
+	/*! \brief Whether the recording contains end-to-end encrypted media or not */
+	gboolean encrypted;
 	/*! \brief Whether the info header for this recorder instance has already been written or not */
 	volatile int header;
 	/*! \brief Whether this recorder instance can be used for writing or not */
@@ -88,6 +90,14 @@ janus_recorder *janus_recorder_create(const char *dir, const char *codec, const
  * @param[in] filename Filename to use for the recording
  * @returns A valid janus_recorder instance in case of success, NULL otherwise */
 janus_recorder *janus_recorder_create_full(const char *dir, const char *codec, const char *fmtp, const char *filename);
+/*! \brief Mark this recorder as end-to-end encrypted (e.g., via Insertable Streams)
+ * \note This will only be possible BEFORE the first frame is written, as it needs to
+ * be reflected in the .mjr header: doing this after that will return an error. Also
+ * notice that an encrypted recording will NOT be processable with \c janus-pp-rec
+ * out of the box, since the post-processor will not have access to unencrypted media
+ * @param[in] recorder The janus_recorder instance to mark as encrypted
+ * @returns 0 in case of success, a negative integer otherwise */
+int janus_recorder_encrypted(janus_recorder *recorder);
 /*! \brief Save an RTP frame in the recorder
  * @param[in] recorder The janus_recorder instance to save the frame to
  * @param[in] buffer The frame data to save