Traditionally, configuring an encrypted calling session included transmitting an encryption key to other members of the calling session via an out-of-band communication. The encryption key is then used to encrypt and decrypt calling data received over the communication channel. While this provides for encrypted calling sessions, there is a technical problem with updating keys during the call using out-of-band techniques. Participants may not receive the key via the out-of-band communication or the out-of-band communication may be delayed. This may result in jitter, lost communications, or unauthorized participants remaining on a call. Thus, there is a need to update encryption keys in-band during an encrypted call.