PubNub is used in more industries every day, including some that require high levels of security and encryption when sending realtime data. We’ve listened to those customers, and worked closely with them to devise a new level of encryption within the PubNub Data Stream Network.
To explain what this means for you, and how to easily add encryption to your realtime app, here’s a quick walk-thru of various security options and what they mean:
SSL Encryption (and why it doesn’t check all the boxes)
Anyone who surfs the web has experienced SSL. Websites use SSL to safely transmit credit cards and other sensitive information across the public Internet. Since 2010, PubNub has also provided SSL encryption as an option for our customers. In order to support SSL, PubNub implemented many of the same security protocols that exist within modern browsers, including TLS 2048 bit Asymmetric Keys, and SHA256/HMAC Message Signing. And customers have used our SSL encryption at large scale now for over 2 years.
However, there’s an important thing to know about SSL encryption. Though your data is encrypted as it travels through the Internet, it must be decrypted (and re-encrypted) as it passes through the PubNub servers and back out again. This is not a limitation of PubNub, but simply a limitation of the way SSL works. While your data is very secure in and out of PubNub, it is still decrypted while it travels through our servers. PubNub follows industry best practices around operational security, and runs in ISO/IEC 27001 certified data centers that are SAS70 Type II compliant. But it’s crucial that your secure data *stay* secure across the entire path from Publisher to Subscriber(s).
Advanced Encryption Standard (AES Symmetric Key Encryption) Ups the Ante
Advanced Encryption Standard (AES) is a specification for the encryption of electronic data. AES has been adopted by the U.S. government and is now used worldwide in high security applications And effective immediately, all PubNub Client Libraries support AES. This means that your data can be easily encrypted as it’s published, and stay encrypted until it’s received by the subscribers, even as it traverses the PubNub Data Stream Network. Another benefit of this encryption method is that can happen on the client-side and or server-side. This means that unencrypted data never leaves a trusted authority, providing for full circle data encryption.
Example Flowchart Diagram
This diagram is a brief walkthrough of an example flow with a central authority server (your server) that you will use to distribute and generate the cipher keys for encrypting your data. Note that the cipher key can be anything! From a simple password like “mypass1” to a long and complex unpredictable string commonly seen in SSL Symmetric Keys. Click the image to expand.
Sounds Great. How Easy Is It?
We’ve worked hard to make sure that using AES encryption in PubNub is easy. The complexity of encrypting and decrypting the data is built into the free PubNub client libraries (since our libraries are open source, you’re welcome to see how we did it). To use AES encryption in PubNub, simply do the following:
- Include the PubNub code like normal:
- <script src=”https://cdn.pubnub.com/pubnub-3.1.min.js“></script>
- Also include these two files
- <script src=”https://pubnub.github.com/pubnub-api/crypto/crypto.js“></script>
- <script src=”https://pubnub.github.com/pubnub-api/crypto/encrypt-pubnub.js“></script>
- Instead of PUBNUB.init(), call PUBNUB.secure()
- Give it a ‘cipher_key’ parameter in addition to the others.
- You’re good to go!
Full HTML Copy/Paste Example:
See the Direct Example and View The Source Code: Here is a simple AES example.