Where are the media encryption keys created? Is it in the endpoint SDK (Web, iOS, etc) or the cloud?
- Video API
Media encryption keys are created on the WebRTC clients.
- In Routed mode, one of the clients is the media router which is in the cloud. The media router can decrypt the packets to send the correct quality layer to the client, allow telephone dial-in, create HLS or RTMP broadcasts, or create meeting recordings.
- In Relayed mode, it is only client-side which is the endpoint SDK. It uses DTLS-SRTP, an RFC standard, which means the keys are always made on the clients when using Relayed mode.
See further references on Security.