Off-the-record (OTR) Messaging User Guide

Prev Next

This feature is currently in beta. Encrypted messages in encrypted rooms are not searchable, and mobile apps or multi-user DMs may not yet support encrypted messaging (support is under development). Additionally, file uploads are not encrypted in this version.

Off-the-record (OTR) Messaging allows users to exchange temporary, encrypted messages directly with each other. Messages are stored only in the local session storage of the browser rather than on the Rocket.Chat server. Once the OTR session ends and the session storage is cleared, all OTR messages are permanently removed and cannot be restored.

Key details:

  • OTR messages allow users to exchange confidential information without leaving any record on the server.

  • Unlike OTR, end-to-end encrypted messages are stored on the server (in an encrypted form) and remain persistent.

  • OTR messages are not included in message exports.

Prerequisites

Before using Off-the-Record (OTR) messaging, make sure the following conditions are met:

  • Your workspace administrator has enabled OTR. If OTR is not enabled, the option will not appear in the DM context menu.

  • You have a direct message (DM) room with only one other participant.

  • Both you and your DM partner have entered your end-to-end encryption keys.

  • You and your DM partner are currently online.

Start an OTR session

  1. Open the Direct Message room with the user.

  2. Click the kebab menu (⋮) in the upper right corner and select OTR from options to start an Off-the-Record session.

  3. Click Start OTR.

  4. The recipient will receive an OTR invitation; they must accept to begin the session.

  5. Messages exchanged during an OTR session are marked with a timer icon, indicating they are temporary and not stored on the server.

Manage OTR session

During an ongoing OTR session, you can manage the conversation using the Off-the-Record Conversation menu.

  • Refresh keys: Select Refresh keys to generate a new encryption key for the session. The other participant will receive a prompt to accept the key refresh before the secure session can continue. This ensures the encryption remains secure throughout your exchange.

  • End OTR: Select End OTR to close the off-the-record session. All OTR messages are immediately deleted from the chat once the session ends, and you are redirected back to your regular direct message (DM) view.

For further details, see the OTR Messages guide.