Is Sendbird Chat encrypted? If so, how?

Yes, Sendbird Chat is encrypted. When the encryption feature is turned on, all types of sent files and thumbnail images are first uploaded to the Sendbird server and then encrypted using AES256. Within a channel, these encrypted files and thumbnail images can be decrypted and accessed only by the users in that channel. Users outside of the channel and application do not have access to these encrypted files and thumbnail images.

To ensure secure encryption and decryption of files, Sendbird generates and distributes an opaque and unique encryption key for each user. This encryption key is managed internally by the system. The encryption key is generated every time the user logs in to the Sendbird server through the Chat SDK.

When the Chat SDK requests an encrypted file by its URL, the auth parameter should be added to the URL to access the file. The value of the auth parameter is the user's encryption key, for example, ?auth=RW5jb2RlIHaXMgdGV4eA==. With the specified key in the auth parameter, the Sendbird server first decrypts the file, then checks if the user belongs to the channel, and finally allows the user to access and open the file in the channel.

Here is an example of how the encryption and decryption process works:

  1. User A uploads a file to a channel in a Sendbird application.
  2. The file is first uploaded to the Sendbird server.
  3. The Sendbird server encrypts the file using AES256 and generates a unique encryption key for User A.
  4. User A’s encryption key is delivered to the Chat SDK from the server.
  5. User B, who is also a member of the channel, wants to access the encrypted file.
  6. User B’s Chat SDK requests the encrypted file by its URL, adding the auth parameter with User B’s encryption key, for example, ?auth=RW5jb2RlIHaXMgdGV4eA==.
  7. The Sendbird server receives the request and decrypts the file using User B’s encryption key.
  8. The server checks if User B belongs to the channel.
  9. If User B is a member of the channel, the server allows User B to access and open the file in the channel.

This encryption process ensures that only authorized users within the channel can access and read the encrypted files, providing data security and privacy.
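
The client side of step 6, as an added example that is not Sendbird's SDK code: it attaches the key as the auth parameter and masks it before the URL is logged, since the key travels in the URL. The function names, host and key are constructed for illustration, and the HTTPS-only check is an assumption of this example.

```javascript
// Added example: helper names, host and key are hypothetical / constructed.

// Append the per-user key as the `auth` query parameter of an encrypted file URL.
function withAuth(fileUrl, encryptionKey) {
  const url = new URL(fileUrl);
  // Assumption of this example: never send the key over cleartext HTTP.
  if (url.protocol !== 'https:') {
    throw new Error('refusing to attach auth key to a non-HTTPS URL');
  }
  if (typeof encryptionKey !== 'string' || encryptionKey.length === 0) {
    throw new Error('missing encryption key');
  }
  // set() replaces any stale auth value and percent-encodes '+', '/' and '=',
  // which would otherwise be altered or misparsed in a query string.
  url.searchParams.set('auth', encryptionKey);
  return url.toString();
}

// Mask the auth value before a URL is written to logs, analytics or crash reports.
function redactAuth(urlString) {
  const url = new URL(urlString);
  if (url.searchParams.has('auth')) {
    url.searchParams.set('auth', 'REDACTED');
  }
  return url.toString();
}

// Constructed sample values (not a real Sendbird host or key).
const SAMPLE_FILE_URL = 'https://files.example.invalid/f/abc123.png?size=320';
const SAMPLE_KEY = 'a+b/c9Zm8=';

const signed = withAuth(SAMPLE_FILE_URL, SAMPLE_KEY);
console.log(redactAuth(signed));
```

Because the key is regenerated at each login, build the URL at request time with the current key instead of storing signed URLs.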