End-to-End Encryption (E2EE) ensures that only message senders and intended recipients can read messages and files, using encryption keys. Rocket.Chat supports E2EE for private rooms and direct messages. This guide explains how to configure the E2EE default behavior across the workspace.
Important considerations before enabling E2EE
Encrypted messages will not appear in search results.
Encrypted content cannot be audited or monitored.
Bots may be unable to access encrypted messages unless they explicitly support E2EE.
Found a bug? Please report it to Rocket.Chat.
Accessing the E2EE settings
Before users can enable E2EE in conversations, a workspace administrator must first configure it at the workspace level.
To configure the E2EE setting,
Go to Manage
> Workspace > Settings > End-to-end encryption.Update these settings based on your organization’s privacy, usability, and compliance requirements:
Field
Description
End-to-end encryption
Enables or disables E2EE across the workspace. When turned on, users can create encrypted rooms and enable encryption in existing direct messages and private rooms.
Unencrypted messages in encrypted rooms
Allows users to send plain text messages in encrypted rooms. These messages will not be encrypted.
Encrypt direct messages
Automatically enables the encryption option by default each time a new direct message room is created.
Encrypt private rooms
Automatically enables the encryption option by default when creating private channels, private teams, or private discussions.
Encrypt files
Encrypts uploaded files that are shared inside encrypted rooms. Once encryption is disabled in the room, new files will no longer be encrypted. File behavior may also be affected by your File Upload settings.
Mentions
Allows mentions (
@username,@all, etc.) to work inside encrypted content. Mentioned users will be notified if notifications are enabled.Restore defaults
Resets all E2EE-related settings on this page to their original defaults. Use with caution.
Next steps
After configuring workspace-level settings:
See the End-to-End Encryption User Guide for instructions on using E2EE in conversations.
For a deeper technical explanation of key generation, encryption mechanisms, and client behavior, refer to the End-to-End Encryption Specifications document.