Secure channel encryption
To improve data security, Agora supports encrypting media streams during real-time engagement.
Agora Server Gateway supports built-in encryption methods.
Implementation
Before enabling media-stream encryption, ensure that you have implemented the basic real-time communication functions in your project.
Agora recommends using the AES_128_GCM2 or AES_256_GCM2 encryption mode and setting the key and salt.
To generate and set the key and salt parameters, refer to the following steps.
GCM2 encryption modes use a more secure KDF (Key Derivation Function) and support setting the salt. If you choose other encryption modes, you only need to set the encryption mode and key.Generate and set the key
- Refer to the following command to randomly generate a 32-byte key in the string format through OpenSSL on your server.
- The client gets the
keyin the string format from the server and passes it to the SDK in theenableEncryptionmethod.
Generate and set the salt
- Refer to the following command to randomly generate a Base64-encoded, 32-byte salt through OpenSSL on the server. You can also refer to the C++ sample code provided by Agora on GitHub to randomly generate a salt in the byte array format and convert it to Base64 on the server.
-
The client gets the Base64 salt from the server.
-
The client converts the salt from Base64 to byte[], and then passes it to the SDK in the
enableEncryptionmethod.
Call enableEncryption to enable built-in encryption
Before connecting to a channel, call enableEncryption to enable built-in encryption. You also need to set encryption mode and encryption key. All users connected to the same channel must use the same encryption mode and key.