# Encryption
The `Ably.Rest.Crypto``Ably::Util::Crypto``Ably\Utils\Crypto``ably.util.crypto``io.ably.lib.util.crypto``ARTCrypto``IO.Ably.Encryption.Crypto` object exposes the following public methods:
## Methods
### getDefaultParamsget_default_paramsget_default_paramsGetDefaultParamsDefaultCipherParams
`Crypto.getDefaultParams(Object params): CipherParams`
`CipherParams Crypto.get_default_params(Hash params)`
`CipherParams Crypto.get_default_params(Dict params)`
`CipherParams Crypto.getDefaultParams(Array params)`
`CipherParams Crypto.getDefaultParams(Param[] params)`
`CipherParams GetDefaultParams(byte[] key = null, byte[] iv = null, CipherMode? mode = null)`
`getDefaultParams(values: [NSObject : AnyObject]) -> ARTCipherParams`
`DefaultCipherParams() (*CipherParams, error)`
This call obtains a [`CipherParams`](#cipher-params) object using the values passed in (which must be a subset of `CipherParams` fields that at a minimum includes a `key`), filling in any unspecified fields with default values, and checks that the result is a valid and self-consistent.This call takes a key, an initialization vector (iv) and a Cipher mode. There is also on override which accepts the `key` and `iv` as base64 encoded strings. It will validate the passed values and generate `CipherParams`returns a [`CipherParams`](#cipher-params) object with fields set to default values. This generates random secret key and initialization vector (iv) values.
You will rarely need to call this yourself, since the client library will handle it for you if you specify `cipher` params when initializing a channel (as in the example [at the top](https://ably.com/docs/channels/options/encryption)) or when setting channel options with `channel#setOptions`.
#### Parameters
| Parameter | Description | Type |
|-----------|-------------|------|
| paramsarguments | The cipher paramsarguments that you want to specify. It must at a minimum include a `key`, which should be either a binary (`byte[]``ArrayBuffer` or `Uint8Array``Buffer`byte array`NSData`) or a base64-encoded `NS``String`. | Object |
#### Returns
On success, the method returns a complete [`CipherParams`](#cipher-params) object. Failure will raise an [`AblyException`](https://ably.com/docs/api/rest-sdk/types#ably-exception)exception.
#### Example
```javascript
const cipherParams = Ably.Rest.Crypto.getDefaultParams({ key: });
const channelOpts = { cipher: cipherParams };
const channel = rest.channels.get('your-channel-name', channelOpts);
```
```nodejs
const cipherParams = Ably.Rest.Crypto.getDefaultParams({ key: });
const channelOpts = { cipher: cipherParams };
const channel = rest.channels.get('your-channel-name', channelOpts);
```
```ruby
cipher_params = Ably::Util::Crypto.get_default_params({key: })
channel_opts = { cipher: cipher_params }
channel = rest.channels.get('your-channel-name', channel_opts)
```
```python
cipher_params = ably.util.crypto.get_default_params({'key': })
channel = rest.channels.get('your-channel-name', cipher=cipher_params)
```
```php
$cipherParams = Ably\Utils\Crypto->getDefaultParams(array('key' => ));
$channelOpts = array('cipher' => $cipherParams);
$channel = $rest->channels->get('your-channel-name', $channelOpts);
```
```java
CipherParams params = Crypto.getDefaultParams(new Param[]{ new Param("key", ) });
ChannelOptions options = new ChannelOptions();
options.encrypted = true;
options.cipherParams = params;
Channel channel = rest.channels.get("your-channel-name", options);
```
```csharp
CipherParams cipherParams = Crypto.GetDefaultParams();
var channel = rest.Channels.Get("your-channel-name", new ChannelOptions(cipherParams));
```
```objc
ARTCipherParams *params = [ARTCrypto getDefaultParams:@{@"key": }];
ARTChannelOptions *options = [[ARTChannelOptions alloc] initWithCipher:params];
ARTRealtimeChannel *channel = [rest.channels get:@"your-channel-name" options:options];
```
```swift
let params = ARTCrypto.getDefaultParams(["key": ])
let options = ARTChannelOptions(cipher: params)
let channel = rest.channels.get("your-channel-name", options: options)
```
```go
params, err := Crypto.DefaultCipherParams()
```
### generateRandomKeygenerate_random_keygenerate_random_keyGenerateRandomKey
`Crypto.generateRandomKey(Number keyLength?): Promise`
`Crypto.generateRandomKey(Number keyLength?): Promise`
`byte array Crypto.generate_random_key(Int key_length?)`
`byte array Crypto.generate_random_key(Int key_length?)`
`string Crypto.generateRandomKey(Int keyLength?)`
`byte[] Crypto.generateRandomKey(Int keyLength?)`
`byte[] GenerateRandomKey(int? keyLength = null, CipherMode? mode = null)`
`generateRandomKey(length?: UInt) -> NSData`
`GenerateRandomKey(keyLength ...int) ([]byte, error)`
This call obtains a randomly-generated binary key of the specified key length and optional CipherMode.
#### Parameters
| Parameter | Description | Type |
|-----------|-------------|------|
| keyLengthkey_length | Optional with the length of key to generate. For AES, this should be either 128 or 256. If unspecified, defaults to 256. | numberInt |
| Parameter | Description | Type |
|-----------|-------------|------|
| keyLength | Optional with the length of key to generate. For AES, this should be either 128 or 256. If unspecified, defaults to 256. | int? |
| mode | Optional AES which is used when the key is generated | `CipherMode` |
#### Returns
Returns a promise. On success, the promise is fulfilled with the generated key as an `ArrayBuffer`a `Buffer`. On failure, the promise is rejected with an [`ErrorInfo`](https://ably.com/docs/api/rest-sdk/types#error-info) object that details the reason why it was rejected.
#### Returns
On success, the method returns the generated key as a `byte[]` array`bytes`byte arraybinary string`NSData``[]byte` array. Failure will raise an [`AblyException`](https://ably.com/docs/api/rest-sdk/types#ably-exception)Failure will cause error to contain an [`ErrorInfo`](#error-info) object describing the failure reason.
#### Example
```javascript
const key = await Ably.Rest.Crypto.generateRandomKey(256);
const channel = rest.channels.get('your-channel-name', { cipher: { key: key } });
```
```ruby
key = Ably::Util::Crypto.generate_random_key(256)
channel = rest.channels.get('your-channel-name', { cipher: {key: key}})
```
```python
cipher_params = ably.util.crypto.generate_random_key(256)
channel = rest.channels.get('your-channel-name', cipher={'key': key})
```
```php
$key = Ably\Utils\Crypto->generateRandomKey(256);
$channel = $rest->channels->get('your-channel-name', array('cipher' => array('key' => $key)));
```
```java
byte[] key = Crypto.generateRandomKey(256);
ChannelOptions options = ChannelOptions.withCipher(key);
Channel channel = rest.channels.get("your-channel-name", options);
```
```csharp
byte[] key = Crypto.GenerateRandomKey(256);
ChannelOptions options = new ChannelOptions(key);
var channel = rest.Channels.Get("your-channel-name", options);
```
```objectivec
NSData *key = [ARTCrypto generateRandomKey:256];
ARTChannelOptions *options = [[ARTChannelOptions alloc] initWithCipherKey:key];
ARTRealtimeChannel *channel = [rest.channels get:@"your-channel-name" options:options];
```
```swift
let key = ARTCrypto.generateRandomKey(256)
let options = ARTChannelOptions(cipherWithKey: key)
let channel = rest.channels.get("your-channel-name", options: options)
```
```go
key, err := Crypto.GenerateRandonKey(256)
```
## Related types
### ChannelOptions ObjectARTChannelOptionsChannelOptions HashChannelOptions DictChannelOptions ArrayIO.Ably.ChannelOptionsio.ably.lib.types.ChannelOptions
Channel options are used for setting [channel parameters](https://ably.com/docs/channels/options) and [configuring encryption](https://ably.com/docs/channels/options/encryption).
`ChannelOptions`, a plain JavaScript object, may optionally be specified when instancing a [`Channel`](https://ably.com/docs/channels), and this may be used to specify channel-specific options. The following attributes can be defined on the object:
`ChannelOptions`, a Hash object, may optionally be specified when instancing a [`Channel`](https://ably.com/docs/channels), and this may be used to specify channel-specific options. The following key symbol values can be added to the Hash:
`ChannelOptions`, an Associative Array, may optionally be specified when instancing a [`Channel`](https://ably.com/docs/channels), and this may be used to specify channel-specific options. The following named keys and values can be added to the Associated Array:
`ART``io.ably.lib.types.``ChannelOptions` may optionally be specified when instancing a [`Channel`](https://ably.com/docs/channels), and this may be used to specify channel-specific options.
`IO.Ably.ChannelOptions` may optionally be specified when instancing a [`Channel`](https://ably.com/docs/channels), and this may be used to specify channel-specific options.
#### PropertiesMembers
| Property | Description | Type |
|----------|-------------|------|
| :cipherCipherParamscipher | Requests encryption for this channel when not null, and specifies encryption-related parameters (such as algorithm, chaining mode, key length and key). See [an example](https://ably.com/docs/channels/options/encryption) | [`CipherParams`](https://ably.com/docs/api/realtime-sdk/encryption#cipher-params) or an options hash containing at a minimum a `key` or an Associative Array containing at a minimum a `key` |
| Property | Description | Type |
|----------|-------------|------|
| paramsParams | Optional [parameters](https://ably.com/docs/channels/options) which specify behaviour of the channel. | `Map``JSON Object` |
| cipherCipherParams | Requests encryption for this channel when not null, and specifies encryption-related parameters (such as algorithm, chaining mode, key length and key). See [an example](https://ably.com/docs/api/realtime-sdk/encryption#getting-started) | [`CipherParams`](https://ably.com/docs/api/realtime-sdk/encryption#cipher-params) or an options object containing at a minimum a `key` or a [`Param[]`](#param) list containing at a minimum a `key` |
#### Static methods
##### withCipherKey
```java
static ChannelOptions.withCipherKey(Byte[] or String key)
```
A helper method to generate a `ChannelOptions` for the simple case where you only specify a key.
#### Parameters
| Parameter | Description | Type |
|-----------|-------------|------|
| key | A binary `Byte[]` array or a base64-encoded `String`. | `Byte[]` or `String` |
#### Returns
On success, the method returns a complete `ChannelOptions` object. Failure will raise an [`AblyException`](https://ably.com/docs/api/realtime-sdk/types#ably-exception).
### CipherParamsARTCipherParamsCipherParams HashCipherParams DictCipherParams ArrayIO.Ably.CipherParamsio.ably.lib.util.Crypto.CipherParams
A `CipherParams` contains configuration options for a channel cipher, including algorithm, mode, key length and key. Ably client libraries currently support AES with CBC, PKCS#7 with a default key length of 256 bits. All implementations also support AES128.
Individual client libraries may support either instancing a `CipherParams` directly, using [`Crypto.getDefaultParams()`](https://ably.com/docs/api/realtime-sdk/encryption#get-default-params)[`Crypto.GetDefaultParams()`](https://ably.com/docs/api/realtime-sdk/encryption#get-default-params)[`Crypto.get_default_params()`](https://ably.com/docs/api/realtime-sdk/encryption#get-default-params), or generating one automatically when initializing a channel, as in [this example](https://ably.com/docs/channels/options/encryption).
#### PropertiesMembers
| Property | Description | Type |
|----------|-------------|------|
| keyKey:key | A binary (`byte[]``ArrayBuffer` or `Uint8Array``Buffer`byte array`NSData`) or base64-encoded `NS``String` containing the secret key used for encryption and decryption | |
| algorithm:algorithmAlgorithm | The name of the algorithm in the default system provider, or the lower-cased version of it; eg "aes" or "AES"
default: _AES_ | `String` |
| key_length:key_lengthkeyLengthKeyLength | The key length in bits of the cipher, either 128 or 256
default: _256_ | `Integer` |
| modeMode | The cipher mode
default: _CBC_ | `String``CipherMode` |
| Property | Description | Type |
|----------|-------------|------|
| key | A binary (`byte[]`) or base64-encoded `String` containing the secret key used for encryption and decryption | |
| algorithm | The name of the algorithm in the default system provider, or the lower-cased version of it; eg "aes" or "AES"
default: _AES_ | `String` |
| keyLength | The key length in bits of the cipher, either 128 or 256
default: _256_ | `Integer` |
| mode | The cipher mode
default: _CBC_ | `String` |
| keySpec | A `KeySpec` for the cipher key | `SecretKeySpec` |