This file encryption feature prevents users without access from opening and reading encrypted files that have been shared within a group of users. When this feature is turned on, all types of sent files and thumbnail images are first uploaded to the Sendbird server, and then encrypted by
In a channel, encrypted files and thumbnail images are decrypted and accessed securely only by the users in the channel. Anyone outside of the channel and application won't have access to these files and thumbnail images. The following explains how this data security works and what to do at the SDK level to apply it to your client apps.
The Sendbird system enables secure encryption and decryption of files by generating and distributing an opaque and unique encryption key for each user. An encryption key is managed internally by the system, and is valid for three days. It is generated every time the user logs in to the Sendbird server through the Chat SDK, which then gets delivered to the Chat SDK from the server.
When the Chat SDK requests an encrypted file by its URL, the
auth parameter should be added to the URL to access the file, which is specified with an encryption key of the user such as
?auth=RW5jb2RlIHaXMgdGV4eA==. With the specified key in the
auth parameter, the Sendbird server first decrypts the file, then checks if the user belongs to the channel, and finally, allows the user to access and open the file in the channel.
This can be easily done using the
fileMessage.url property, which automatically adds the
auth parameter with an encryption key of the current user to the file URL, and returns the unique URL for the user.