Force OTR for self hosted server?


#1

Hello Guys,
Been testing RocketChat and so far everything is great.

Only 1 question… Is there any way to force OTR, e2e encryption for all users/groupchats in a manually installed server?

Regards,

  • Juan

#2

Good question, that would interest me too.


#3

Important to note. OTR and e2e are 2 totally different systems in Rocket.Chat right now. :slight_smile:

OTR is the older system that messages are encrypted but don’t persist at all on the server even in encrypted form. e2e is end to end encryption.

That out of the way… I don’t think we do have that option. That would be something cool to see before we pull this feature out of beta. I’ll move this over to the feature request category. I too think this would be awesome especially when mobile support lands!


#4

I would love to see it too. I want to implement Rocket.chat in my company, but to be compliant with the security policy all chats have to be e2e encrypted by default and the plain-text communication has to be disabled :wink:


#5

Hello Aaron,
Thanks for the reply.
Sorry I explained myself wrong in the initial post… What you state is exactly what I’d like to know if it’s already available for RocketChat… e2e encryption. If I’m not mistaken I could then just add a simple cronjob that might delete older-than-x messages in the DB … or even work through the API to accomplish the same objective of deleting old messages from the server.

Is 2e2 enabled by default? Are the messages secured “just” by https during transfer from client1-server-client2 or is there any other method in place?

As suggested by others above, this could be a great option to add and attract security-concious companies.

Thanks for the help so far!