Photon is able to encrypt messages between client and server, which is a must-have for sending authentication input or other sensitive user data.

On the other hand, encryption causes quite some overhead, so it's used sparingly and not exposed that much in our APIs.

For example, in our default logic, events go to all players of a room, so their content can't be too secret to send openly. Events are therefore not encrypted by default.

Our client SDKs use it only for authentication. As a developer, you can use it per message.

Technical Details

When you use Photon LoadBalancing or PUN, the API will automatically exchange encryption keys between client and server. This is done via Diffie-Hellman key exchange when the client connects.

The 160 bit key is then used for AES encryption on demand.

Once a client is authenticated, the server will issue a Token, an encrypted summary of the client's auth values to be used on other servers. The Token does not need to be read by the client.

If you use Webhooks or WebRPCs, the Photon Server will call those with HTTPS connections. If you use Unity's WebGL export, the client will connect via Secure WebSockets.

Encryption in PUN (Photon Unity Networking)

In PUN, you can call RPCs in a secure way by calling RpcSecure() on some PhotonView.

Encryption of Operations

In all APIs, we have a class called PhotonPeer. It is a lower-level class which offers a method OpCustom(). This is the basis for all operation calls a client makes, and it has a parameter for encryption.

In PUN, the PhotonNetwork.networkingPeer is a PhotonPeer. In LoadBalancing, it's the LoadBalancingClient.loadBalancingPeer.

Use OpCustom() with the encrypt-parameter set to true if needed.

Manually Establish Encryption

If you use the LoadBalancing API or PUN, you don't need to do this manually. You only have to establish encryption yourself, after connecting, if you build your client from scratch.

Ideally, call peer.EstablishEncryption() in OnStatusChanged like this:
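As an added example (not the original page's sample code): a from-scratch client that starts the key exchange on connect and sends an encrypted OpCustom() only once the exchange has completed. The class name, operation code 100 and parameter key 1 are hypothetical; the StatusCode values and the five-argument OpCustom() overload are assumed to match the Photon .NET client SDK versions that expose OpCustom().

```csharp
using System.Collections.Generic;
using ExitGames.Client.Photon;

public class SecureClient : IPhotonPeerListener
{
    // Hypothetical operation code and parameter key for a custom server operation.
    private const byte OpSubmitSecret = 100;
    private const byte ParamSecret = 1;
    private readonly PhotonPeer peer;
    private bool encryptionReady;

    public SecureClient() { this.peer = new PhotonPeer(this, ConnectionProtocol.Udp); }

    public bool Connect(string address, string appName) { return this.peer.Connect(address, appName); }

    // Call regularly (for example once per frame) so the peer sends and dispatches messages.
    public void Service() { this.peer.Service(); }

    public void OnStatusChanged(StatusCode statusCode)
    {
        switch (statusCode)
        {
            case StatusCode.Connect:
                // Connection is up: start the key exchange before anything sensitive is sent.
                this.peer.EstablishEncryption();
                break;
            case StatusCode.EncryptionEstablished:
                this.encryptionReady = true;
                break;
            case StatusCode.EncryptionFailedToEstablish:
            case StatusCode.Disconnect:
                // No usable key (any more): block encrypted sends until a new exchange succeeds.
                this.encryptionReady = false;
                break;
        }
    }

    // Fail closed: never fall back to sending the secret unencrypted.
    public bool SendSecret(string secret)
    {
        if (!this.encryptionReady) return false;
        var parameters = new Dictionary<byte, object> { { ParamSecret, secret } };
        // Arguments: op code, parameters, sendReliable, channelId, encrypt.
        return this.peer.OpCustom(OpSubmitSecret, parameters, true, 0, true);
    }

    public void DebugReturn(DebugLevel level, string message) { }
    public void OnOperationResponse(OperationResponse operationResponse) { }
    public void OnEvent(EventData eventData) { }
}
```

SendSecret() returns false rather than sending in the clear, so the caller can retry after the status callback reports that encryption is available.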

The library takes care of sending and handling the required keys. When this finishes, the client library will call OnStatusChanged with either of these codes:

