Secure channel encryption
To improve data security, Agora supports encrypting media streams during real-time engagement.
Agora supports built-in encryption methods.
Implementation
Before enabling media-stream encryption, ensure that you have implemented the basic real-time communication functions in your project.
Agora recommends using the AES_128_GCM2
or AES_256_GCM2
encryption mode and setting the key and salt.
To generate and set the key
and salt
parameters, refer to the following steps.
GCM2
encryption modes use a more secure KDF (Key Derivation Function) and support setting the salt. If you choose other encryption modes, you only need to set the encryption mode and key.Generate and set the key
- Refer to the following command to randomly generate a 32-byte key in the string format through OpenSSL on your server.
- The client gets the
key
in the string format from the server and passes it to the SDK in theenableEncryption
method.
Generate and set the salt
- Refer to the following command to randomly generate a Base64-encoded, 32-byte salt through OpenSSL on the server. You can also refer to the C++ sample code provided by Agora on GitHub to randomly generate a salt in the byte array format and convert it to Base64 on the server.
-
The client gets the Base64 salt from the server.
-
The client converts the salt from Base64 to byte[], and then passes it to the SDK in the
enableEncryption
method.
Call enableEncryption
to enable built-in encryption
Before connecting to a channel, call enableEncryption
to enable built-in encryption. You also need to set encryption mode and encryption key. All users connected to the same channel must use the same encryption mode and key.