End-to-end encryption?

rnix123 · February 9, 2018, 5:20pm

Hello,

We’re considering Rocket.Chat as a replacement for Slack. I can’t quite tell if Rocket.Chat has end-to-end encryption. From what I’ve read, it seems that it does. https://www.slant.co/versus/1983/10600/~whatsapp_vs_rocket-chat
and
https://rocket.chat/2017/07/02/mrinal-dhar-developing-end-to-end-encryption-with-signal-protocol/

Can someone tell me for sure if this the case? In other words, we’re looking to see if direct communication with another individual is secure. We would use Apache Virtualhost with a Let’s Encrypt cert as the reverse proxy to secure Rocket.Chat.

Thanks in advance!

Ryan

aaron.ogle · February 9, 2018, 7:35pm

In any DM you can click the key in contextual bar to start encrypted conversation. Messages are encrypted client side and only the other user can decrypt.

Upcoming I think this will be possible for private group chat as well.

rnix123 · February 9, 2018, 8:53pm

Good to know. Thanks, @aaron.ogle

I assume the basic peer-to-peer communication is encrypted, without the user needing to do anything special because all IMs go through the secure reverse-proxy. Right?

aaron.ogle · February 9, 2018, 9:12pm

Just to re-iterate and make sure you understand what i’m saying. For DM’s you have to goto:

Click OTR to start an encrypted session.

This of course requires your server be configured with ssl. Otherwise you can’t even have a secure hand shake between the two.

rnix123 · February 9, 2018, 9:32pm

Makes sense. Thanks again, Aaron.

TwizzyDizzy · February 10, 2018, 2:02pm

Hey @aaron.ogle, I do not want to sound harsh but I think one should also mention, that OTR in general works, yet has this critical bug (which, by the way, I think should be fixed ASAP - do you know the status of the GSOC OTR sutff/rewrite that seems to have been going on? Did something come out of that?)

Cheers
Thomas

aaron.ogle · February 10, 2018, 5:57pm

Ah yes… The file upload thing. I have yet to use e2e and send a file. I always use for a quick conversation I don’t want to stick around. Like passing personal information needed to buy plane ticket or something.

But yes it should warn that files aren’t encrypted. At least in the session start. This would be a matter of just changing the i18n string.

I don’t know the status of the new and improved version.

aaron.ogle · September 28, 2018, 3:36pm

Our implementation of End to End encryption has landed with 0.70.0. File encryption will be on the roadmap asap. It almost landed with file encryption but it was a bit too heavy so it had to be delayed.

anshlv · November 12, 2018, 5:29pm

Our company would like to use RocketChat, but there is a security requirement, which is necessary:

E2E encryption in DM by default, with history preservation and search;

Would be great if you could add it, I am sure many companies could then on-board your solution.

Aphilsmith · November 11, 2020, 2:47am

We’ve had Rocketchat with end-to-end encryption at layer 2 for a few years now using our NVIS.info software.

Topic		Replies	Views
Force OTR for self hosted server? Feature Requests (historic archive)	5	4116	January 29, 2019
About OTR feature, is it possible to establish the e2e encryption without both sides online? Community Support	1	1008	May 4, 2018
Integration of SSL (apologies for basic question) Community Support	0	636	November 8, 2019
Rocket.Chat 0.70 released Announcements	3	3694	September 28, 2018
OTR-problems while testing Rocket.chat Community Support	6	2465	October 1, 2020

[Rocket.Chat v7.0: Join the webinar] Roadmap Reveal: on-prem AI, VoIP, and more! Save your seat ->

End-to-end encryption?

Related topics