close search

Add Messaging, Voice, and Authentication to your apps with Vonage Communications APIs

Visit the Vonage API Developer Portal

Advanced Media Stream Encryption (AES-256)

By default the media streams passing through the OpenTok platform are encrypted using AES-128. In routed sessions, the media is encrypted between all clients and the media server. In relayed sessions, the media is encrypted between each pair of clients.

For enhanced security, the AES-256 add-on feature provides the AES-256 level of encryption on media streams.

Important: This feature is available as an add-on feature.

With the AES-256 add-on feature enabled, when a client is connecting to an OpenTok Media Router or another client, the cipher to use will be negotiated. If the client supports AES-256 then this will be the cipher negotiated for the media traffic. If the client does not support it, then AES-128 will be used. In the case of relayed sessions, both clients must support AES-256, otherwise they will fall back to AES-128.

After you enable the AES-256 Encryption add-on, this feature will be activated automatically for all the projects in your account.

Encryption support on OpenTok clients

AES-256 is supported (in addition to AES-128) in apps that use the following OpenTok client SDKs:

In Chrome 62+, you can verify the encryption level by navigating to chrome://webrtc-internals. Upon publishing or subscribing to a stream, use chrome://webrtc-internals, to verify that the streams are using AES-256 check the srtpCipher listing under Channel-audio-1 (googComponent). If it is AES 256, the listing will include AEAD_AES_256_GCM.

Only AES-128 is supported in apps that use the following OpenTok client SDKs: