This file encryption feature prevents users without access from opening and reading encrypted files that have been shared within a group of users. When this feature is turned on, all types of sent files and thumbnail images will be first uploaded to the Sendbird server, and then encrypted by AES256
.
In a channel, encrypted files and thumbnail images will be decrypted and accessed securely only by the users in the channel. Anyone outside of the channel and application won't have access to those files and thumbnail images. The following explains how this data security works and what to do at the SDK level to apply it to your client apps.
The Sendbird system enables secure encryption and decryption of files by generating and distributing an opaque and unique encryption key for each user. An encryption key is managed internally by the system, and is valid for three days. It is generated every time the user logs in to the Sendbird server through the Chat SDK, which then gets delivered to the Chat SDK from the server.
When the Chat SDK requests an encrypted file by its URL, the auth
parameter should be added to the URL to access the file, which is specified with an encryption key of the user such as ?auth=RW5jb2RlIHaXMgdGV4eA==
. With the specified key in the auth
parameter, the Sendbird server first decrypts the file, then checks if the user belongs to the channel, and finally, allows the user to access and open the file in the channel.
This can be easily done by retrieving the url
property, which returns the unique file URL containing the auth
parameter with an encryption key of the current user.