
Secure channel encryption

Media stream encryption refers to encrypting audio and video streams in an app using a unique key and salt controlled by the app developer. Encryption ensures that only the authorized users in a channel see and hear each other. Video SDK provides built-in encryption methods that you can use to guarantee data confidentiality during transmission.

This article describes how to integrate Agora built-in media stream encryption into your app.

Understand the tech

The following figure illustrates the process of data transfer with media stream encryption enabled.

Best practice is to choose the AES_128_GCM2 or AES_256_GCM2 encryption mode and set a key and salt for enhanced security.

[Figure: Data transfer process]

Prerequisites

Ensure that you have implemented the SDK quickstart in your project.

Implement media stream encryption

To add built-in media stream encryption to your app, refer to the following steps:

  1. Generate a key and salt on your server

    • To generate a random 32-byte hexadecimal key on your server as a string, refer to the following OpenSSL command:

      # Generate a 32-byte hexadecimal key
      openssl rand -hex 32
    • To generate a random Base64-encoded, 32-byte salt on your server, refer to the following OpenSSL command:

      # Generate a Base64-encoded, 32-byte salt
      openssl rand -base64 32
  2. Implement client-side logic

    1. Obtain a String key and Base64-encoded salt from the server.

    2. Convert the salt from Base64 to uint8_t.

    3. Before joining the channel, call enableEncryption to set the AES_128_GCM2 or AES_256_GCM2 encryption mode, and pass the key and salt to the SDK.

Note
  • All users in a channel must use the same encryption mode, key, and salt. Discrepancies may lead to unexpected behavior, such as black screens or audio loss.
  • To ensure security, best practice is to use a new key and salt each time you enable media stream encryption.

To implement this logic, refer to the following code:

// Enable built-in encryption
enableEncryption = () => {
  // Built-in encryption mode: Aes128Gcm2 (or Aes256Gcm2), as step 3 requires
  const encryptionMode = EncryptionMode.Aes128Gcm2;
  // Built-in encryption key: the String key obtained from your server
  // (empty placeholder here, so the check below rejects it)
  const encryptionKey = '';
  // Salt: placeholder values only; replace with the 32 bytes decoded
  // from the Base64-encoded salt obtained from your server
  const encryptionKdfSalt = new Array(32).fill(1, 0, 32);
  if (!encryptionKey) {
    this.error("encryptionKey is invalid");
    return;
  }
  rtcEngine.enableEncryption(true, {
    encryptionMode,
    encryptionKey,
    encryptionKdfSalt,
  });
};

// Disable built-in encryption
disableEncryption = () => {
  rtcEngine.enableEncryption(false, {});
};
Information
To communicate with the Video SDK for Web, convert the String type key mentioned in this document from Hex encoding format to the ASCII encoding format.
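
The client-side steps above (obtain the key and Base64 salt, decode the salt, pass both to enableEncryption) can be guarded with a validation helper. This is an added example, not Agora's code: decodeSalt, buildEncryptionParams and the sample values are hypothetical names and constructed data, and a global atob is assumed.

```javascript
// Added example, not SDK code: check the server-issued key and salt before
// they reach enableEncryption. Assumes a global atob (Electron, Node 16+).
const SALT_BYTES = 32;    // from: openssl rand -base64 32
const KEY_HEX_CHARS = 64; // from: openssl rand -hex 32 (32 bytes as hex)

// Decode the Base64 salt into an array of byte values (0-255).
function decodeSalt(saltBase64) {
  if (typeof saltBase64 !== 'string' || !/^[A-Za-z0-9+\/]+={0,2}$/.test(saltBase64)) {
    throw new Error('salt is not valid Base64');
  }
  const salt = Array.from(atob(saltBase64), (ch) => ch.charCodeAt(0));
  if (salt.length !== SALT_BYTES) {
    throw new Error(`salt must be ${SALT_BYTES} bytes, got ${salt.length}`);
  }
  // Reject a filler such as new Array(32).fill(1) left in place of a real salt.
  if (salt.every((b) => b === salt[0])) {
    throw new Error('salt is a constant filler, not a random value');
  }
  return salt;
}

// Validate the hex key string and return the key/salt fields of the config.
function buildEncryptionParams(keyHex, saltBase64) {
  if (typeof keyHex !== 'string' || keyHex.length !== KEY_HEX_CHARS || !/^[0-9a-f]+$/i.test(keyHex)) {
    throw new Error('key must be a 64-character hexadecimal string');
  }
  return { encryptionKey: keyHex, encryptionKdfSalt: decodeSalt(saltBase64) };
}

// Constructed sample values, shaped like the openssl output above.
const SAMPLE_KEY = '0123456789abcdef'.repeat(4);
const SAMPLE_SALT = 'AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8=';
const params = buildEncryptionParams(SAMPLE_KEY, SAMPLE_SALT);
console.log(params.encryptionKey.length, params.encryptionKdfSalt.length);
// In the app, before joining the channel:
// rtcEngine.enableEncryption(true, { encryptionMode: EncryptionMode.Aes128Gcm2, ...params });
```

Failing closed here, before joining, surfaces a bad key or salt as an explicit error instead of the black screens or audio loss described in the note above.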

Reference

This section contains content that completes the information on this page, or points you to documentation that explains other aspects of this product.

Sample projects

Agora provides open-source sample projects for your reference. Download or view the source code for a more detailed example.

API reference

Video Calling