Built-in encryption configurations.

struct EncryptionConfig {
  ENCRYPTION_MODE encryptionMode;
  const char* encryptionKey;
  uint8_t encryptionKdfSalt[32];

    : encryptionMode(AES_128_GCM2),
    memset(encryptionKdfSalt, 0, sizeof(encryptionKdfSalt));

  const char* getEncryptionString() const {
    switch(encryptionMode) {
      case AES_128_XTS:
        return "aes-128-xts";
      case AES_128_ECB:
        return "aes-128-ecb";
      case AES_256_XTS:
        return "aes-256-xts";
      case SM4_128_ECB:
        return "sm4-128-ecb";
      case AES_128_GCM:
        return "aes-128-gcm";
      case AES_256_GCM:
        return "aes-256-gcm";
      case AES_128_GCM2:
        return "aes-128-gcm-2";
      case AES_256_GCM2:
        return "aes-256-gcm-2";
        return "aes-128-gcm-2";
    return "aes-128-gcm-2";



The built-in encryption mode. See ENCRYPTION_MODE. Agora recommends using AES_128_GCM2 or AES_256_GCM2 encrypted mode. These two modes support the use of salt for higher security.


Encryption key in string type with unlimited length. Agora recommends using a 32-byte key.

Attention: If you do not set an encryption key or set it as NULL, you cannot use the built-in encryption, and the SDK returns -2.

Salt, 32 bytes in length. Agora recommends that you use OpenSSL to generate salt on the server side. See Media Stream Encryption for details.

Attention: This parameter takes effect only in AES_128_GCM2 or AES_256_GCM2 encrypted mode. In this case, ensure that this parameter is not 0.