This topic includes details on using end-to-end encryption in the Vonage Video Windows client SDK.
For an overview of end-to-end encryption, see this topic.
End-to-end encrypted sessions are created using server APIs (see Enabling encryption using the REST API).
Before the client publishes or subscribes, call the Session.SetEncryptionSecret() method:
Session.SetEncryptionSecret("encryption-secret");
Session.Connect(TOKEN);
A valid secret is a string between 8 and 256 characters. You can change the secret by calling the Session.SetEncryptionSecret() method again.
Events and errors are essential to managing user-driven encryption. End-to-end encryption uses the shared secret model: everyone in the session is expected to use the same secret to encrypt their media and decrypt everyone else's.
If a client tries to connect to an end-to-end encrypted session without setting an encryption secret, the Session.Error event is sent with an error code set to ErrorCode.EncryptionSecretMissing:
private void Session_Error(object sender, ErrorEventArgs error)
{
    if (error.ErrorCode == ErrorCode.EncryptionSecretMissing) {
        // Notify the user that they cannot join the session
    }
}
Session.Error += Session_Error;
Session.Connect(TOKEN);
If a user tries to publish in an end-to-end encrypted session without having specified an encryption secret, calling the Session.Publish() function results in the Publisher.Error event being sent with an error that has the code set to ErrorCode.EncryptionInternalError. For the best user experience, the application should validate a user-supplied secret before calling the Session.Publish() method:
private void Publisher_Error(object sender, ErrorEventArgs error)
{
    if (error.ErrorCode == ErrorCode.EncryptionInternalError) {
        // The application should communicate that the secret was not set.
    }
}
Publisher.Error += Publisher_Error;
Session.Publish(Publisher);
If a subscriber is unable to decode a stream's media due to an incorrect encryption secret, the Subscriber.Error event is sent with an error that has the code set to ErrorCode.EncryptionSecretMismatch. It is important to communicate to the user that media is not being received due to an encryption mismatch and not due to a connection failure or audio/video issue:
private void Subscriber_Error(object sender, ErrorEventArgs error)
{
    if (error.ErrorCode == ErrorCode.EncryptionSecretMismatch) {
        // Activate a UI element communicating that there's been an encryption secret mismatch.
    }
}
Subscriber.Error += Subscriber_Error;
Session.Subscribe(Subscriber);
If a subscriber encounters an internal error while decrypting a packet, the Subscriber.Error event is sent with an error that has the code set to ErrorCode.DecryptionInternalError.
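The following is an added example, not code from the Vonage documentation. It shows one way to validate a user-supplied secret before connecting and to report the four encryption error codes above separately from connection failures. It assumes the SDK's OpenTok namespace is referenced; E2eeJoin, CheckSecret, Describe and TryConnect are hypothetical names, and measuring the secret with string.Length is an assumption, since this page does not say how the SDK counts characters.

```csharp
using System;
using OpenTok; // Vonage Video Windows client SDK (assumed to be referenced)
// Hypothetical helper, not part of the SDK.
public static class E2eeJoin
{
    // From this page: a valid secret is a string between 8 and 256 characters.
    public const int MinSecretLength = 8, MaxSecretLength = 256;

    // Returns null when the secret is usable, otherwise text to show the user.
    // Assumption: length is measured with string.Length (UTF-16 code units).
    public static string CheckSecret(string secret)
    {
        if (string.IsNullOrEmpty(secret))
            return "Enter the encryption secret for this session.";
        if (secret.Length < MinSecretLength || secret.Length > MaxSecretLength)
            return "The secret must be between 8 and 256 characters long.";
        return null;
    }

    // Maps the encryption error codes named on this page to user-facing text,
    // so they are not reported as connection or audio/video failures.
    public static string Describe(ErrorCode code)
    {
        switch (code)
        {
            case ErrorCode.EncryptionSecretMissing:
                return "This session is encrypted; a secret is required to join.";
            case ErrorCode.EncryptionInternalError:
                return "Cannot publish: the encryption secret was not set.";
            case ErrorCode.EncryptionSecretMismatch:
                return "Media cannot be decoded: the encryption secret does not match.";
            case ErrorCode.DecryptionInternalError:
                return "An internal error occurred while decrypting media.";
            default:
                return null; // not an encryption error; handle elsewhere
        }
    }

    // Validates first, then sets the secret before Connect(), as described above.
    public static bool TryConnect(Session session, string token, string secret, Action<string> notify)
    {
        string problem = CheckSecret(secret);
        if (problem != null) { notify(problem); return false; }
        session.Error += (sender, e) => { string m = Describe(e.ErrorCode); if (m != null) notify(m); };
        session.SetEncryptionSecret(secret);
        session.Connect(token);
        return true;
    }
}
```

Describe() can be called the same way from the Publisher.Error and Subscriber.Error handlers shown earlier.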