E2E encryption for bots

Hi, I’m an experienced developer and I am trying to integrate Rocket.Chat into my own project. However I need E2E encryption, and I need it for a bot (an apps-engine app bot).

I want to get into the thick of the code and try to advance this issue on my own.

I’ve explored a bit, and there are a few concepts I identified as relating:

  1. meteor
  2. apps-engine
  3. encryption/decryption on the server (in Rocket.Chat under /apps/meteor/app/e2e/)
  4. encryption/decryption on mobile devices (in Rocket.Chat.ReactNative under ios\Shared\RocketChat\RocketChat.swift for IOS and under android\app\src\play\java\chat\rocket\reactnative\Encryption.java for Android)
  5. The IPostMessageSent apps API

My initial approach would be to store an encryption key somewhere (in the Mongo storage) and associate it with the app, then use it for E2E encryption in rooms.

I am still completely in the dark when it comes to extending and developing Rocket.Chat so any help would be appreciated!

Let’s start to get this conversation going, and maybe one day we’ll have E2E encryption out of BETA.

Thanks, and let’s get cracking!


So after a bit more digging, I discovered what meteor.js even is. I ran through its tutorials and am trying to get a better understanding…

So after some more digging, I am now exploring apps/meteor/app/e2e/client/rocketchat.e2e.room.js

Since this resides in a client directory I am assuming all functions are called by clients. Is that entirely true? Or are there function there that run on the server.

I suspect that some functions must (should) be running on the server for example handshake() because it fetches the e2e key from the db and then encrypts and sends it to subscriptions.

  1. If my suspicion is correct (meaning handshake is running on the server) - why is it defined in a client file?

  2. Also what is the mechanism by which it is actually run on the server? Does it have anything to do with the rocket chat Emitter base class?


So it turns out that client code is called by the client, and the key that is being fetched is encrypted using the user’s public key, so it is secure enroute.

The question now is, how do I decrypt and encrypt an e2e room message inside a bot?

Continuing the search…