Setting the encryption secret
End-to-end encrypted sessions are created using server APIs (see Enabling encryption using the REST API).
Before the client publishes or subscribes, call the Session.SetEncryptionSecret() method:
Session.SetEncryptionSecret("encryption-secret");
Session.Connect(TOKEN);
A valid secret is a string between 8 and 256 characters long; validate the length in the application before passing it to the SDK. You can change the secret at any time by calling the Session.SetEncryptionSecret() method again. Because every participant must use the same secret, a change has to be coordinated with all other clients; a participant still using the old secret will no longer be able to decrypt your media.
Events and errors
Events and errors are how the application detects and reports problems with user-driven encryption. End-to-end encryption uses a shared secret model: everyone in the session is expected to use the same secret to encrypt their own media and to decrypt everyone else's, and the errors below are the only indication that a client's secret is missing or does not match.
If a client tries to connect to an end-to-end encrypted session without setting an encryption secret, the Session.Error event is sent with an error code set to ErrorCode.EncryptionSecretMissing:
private void Session_Error(object sender, ErrorEventArgs error)
{
    // The connection was refused because Session.SetEncryptionSecret() was never called.
    if (error.ErrorCode == ErrorCode.EncryptionSecretMissing) {
        // Notify the user that they cannot join the session until a secret is set
    }
}
Session.Error += Session_Error;
Session.Connect(TOKEN);
If a user tries to publish in an end-to-end encrypted session without having set an encryption secret, calling the Session.Publish() method results in the Publisher.Error event being sent with the error code ErrorCode.EncryptionInternalError. Because this code is generic, the application should not rely on it: check that a valid secret has been set with Session.SetEncryptionSecret() before calling Session.Publish(), and treat the event as a fallback:
private void Publisher_Error(object sender, ErrorEventArgs error)
{
    // Publishing failed because no encryption secret was set before Session.Publish().
    if (error.ErrorCode == ErrorCode.EncryptionInternalError) {
        // Tell the user that the secret was not set and publishing is not possible
    }
}
Publisher.Error += Publisher_Error;
Session.Publish(Publisher);
If a subscriber is unable to decrypt a stream's media because its encryption secret does not match the publisher's, the Subscriber.Error event is sent with the error code ErrorCode.EncryptionSecretMismatch. Tell the user explicitly that media is not being received because of an encryption secret mismatch, and not because of a connection failure or an audio/video problem; otherwise they will troubleshoot the wrong thing:
private void Subscriber_Error(object sender, ErrorEventArgs error)
{
    // The stream cannot be decrypted with the secret this client has set.
    if (error.ErrorCode == ErrorCode.EncryptionSecretMismatch) {
        // Activate a UI element communicating that there's been an encryption secret mismatch,
        // distinct from the indicator used for connection or media failures
    }
}
Subscriber.Error += Subscriber_Error;
Session.Subscribe(Subscriber);
If a subscriber encounters an internal error while decrypting a packet, the Subscriber.Error event is sent with the error code ErrorCode.DecryptionInternalError. Handle it separately from ErrorCode.EncryptionSecretMismatch, which specifically indicates an incorrect secret.
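As an added example (not code from this page or from the OpenTok SDK itself), the following controller ties the steps above together: it validates the secret before the SDK sees it, refuses to connect or publish without one, and maps each of the four encryption error codes to a distinct user-facing message so that a mismatch is never reported as a network or media failure. It assumes the OpenTok namespace and the nested Session.ErrorEventArgs, Publisher.ErrorEventArgs and Subscriber.ErrorEventArgs types of the Windows SDK (the snippets above write them unqualified), and a hypothetical notifyUser callback standing in for the application's UI.

```csharp
using System;
using OpenTok; // assumed: namespace providing Session, Publisher, Subscriber, ErrorCode

// Added example, not part of the page or the SDK. Wires secret validation and
// the encryption-related error events into one place with distinct messages.
public sealed class EncryptedSessionController
{
    // Length limits for a valid secret, as stated in the documentation.
    public const int MinSecretLength = 8;
    public const int MaxSecretLength = 256;

    private readonly Session session;
    private readonly Action<string> notifyUser; // hypothetical UI hook
    private bool secretConfigured;

    public EncryptedSessionController(Session session, Action<string> notifyUser)
    {
        this.session = session ?? throw new ArgumentNullException(nameof(session));
        this.notifyUser = notifyUser ?? throw new ArgumentNullException(nameof(notifyUser));
        this.session.Error += Session_Error;
    }

    // Reject anything outside the documented limits so the user gets a precise
    // message now instead of a generic internal error later.
    public static bool IsValidSecret(string secret)
    {
        return secret != null
            && secret.Length >= MinSecretLength
            && secret.Length <= MaxSecretLength;
    }

    // Must be called before Connect(). Calling it again rotates the secret; every
    // other participant has to switch to the same value or their subscribers
    // will report EncryptionSecretMismatch.
    public bool SetSecret(string secret)
    {
        if (!IsValidSecret(secret))
        {
            notifyUser($"The encryption secret must be {MinSecretLength} to {MaxSecretLength} characters long.");
            return false;
        }
        session.SetEncryptionSecret(secret);
        secretConfigured = true;
        return true;
    }

    public bool Connect(string token)
    {
        if (!secretConfigured)
        {
            notifyUser("Enter the shared encryption secret before joining this session.");
            return false;
        }
        session.Connect(token);
        return true;
    }

    // Guard the publish path here rather than waiting for the generic
    // EncryptionInternalError from Publisher.Error.
    public bool Publish(Publisher publisher)
    {
        if (!secretConfigured)
        {
            notifyUser("Cannot publish: no encryption secret has been set.");
            return false;
        }
        publisher.Error += Publisher_Error;
        session.Publish(publisher);
        return true;
    }

    public void Subscribe(Subscriber subscriber)
    {
        subscriber.Error += Subscriber_Error;
        session.Subscribe(subscriber);
    }

    // Single mapping from ErrorCode to message. Returns null for codes that are
    // not encryption-related so the caller can fall back to generic handling.
    public static string DescribeEncryptionError(ErrorCode code)
    {
        switch (code)
        {
            case ErrorCode.EncryptionSecretMissing:
                return "This session is end-to-end encrypted. Set the shared secret before joining.";
            case ErrorCode.EncryptionInternalError:
                return "Publishing failed because no encryption secret was set.";
            case ErrorCode.EncryptionSecretMismatch:
                return "Media is not shown because your encryption secret does not match the sender's. "
                     + "This is an encryption mismatch, not a connection or audio/video problem.";
            case ErrorCode.DecryptionInternalError:
                return "A packet could not be decrypted because of an internal error.";
            default:
                return null;
        }
    }

    private void Report(ErrorCode code, string source)
    {
        notifyUser(DescribeEncryptionError(code) ?? $"{source} error: {code}");
    }

    private void Session_Error(object sender, Session.ErrorEventArgs e) => Report(e.ErrorCode, "Session");
    private void Publisher_Error(object sender, Publisher.ErrorEventArgs e) => Report(e.ErrorCode, "Publisher");
    private void Subscriber_Error(object sender, Subscriber.ErrorEventArgs e) => Report(e.ErrorCode, "Subscriber");
}
```

The order matters: SetSecret() runs before Connect(), and Publish() refuses to proceed when no secret has been configured, so EncryptionInternalError only ever surfaces if the application's own check is bypassed. Keeping the code-to-message mapping in one static method makes it straightforward to unit test without a live session.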