End-to-end encryption (E2EE) for meetings in the Zoom app
Meetings can now be encrypted end-to-end (E2EE). Account owners and admins can enable end-to-end encryption to provide additional protection for meetings. When end-to-end encryption is enabled, all meeting participants must join from the Zoom desktop client, mobile app, or Zoom Rooms.
The following features are also disabled when this setting is enabled:
- Join before host
- Cloud recording
- Live streaming
- Live transcription
- Breakout Rooms
- Polling
- Zoom Apps
- Meeting reactions*
- 1:1 private chat
*Note: As of version 5.5.0, these features are supported in E2EE meetings on desktop, mobile, and Zoom Rooms.
Users cannot join by telephone, SIP/H.323 devices, on-premise configurations, the Zoom web client, or third-party clients that use the Zoom Web SDK, because these endpoints cannot be encrypted end-to-end.
The maximum number of participants for E2EE meetings is 200, regardless of the license for Large Meetings.
Prerequisites for enabling end-to-end encryption (E2EE) for meetings
- Zoom desktop client
  - Windows: 5.4.0 or later
  - macOS: 5.4.0 or later
  - Linux: 5.4.0 or higher
- Zoom mobile app
  - Android: 5.4.0 or higher
  - iOS: 5.4.0 or later
- Zoom Rooms for Conference Room
  - PC: 5.2.2 or higher
  - macOS: 5.2.2 or later
  - Appliances: 5.2.2 or higher
Notes:
- At the moment, the Zoom web client and third-party clients that use the Zoom Web SDK are not supported. For more information, consult SDK developer documentation.
- Traffic to and from telephone systems, SIP/H.323 devices, on-premise configurations, or Lync/Skype clients cannot be encrypted end-to-end, which means that users will be unable to join from any of these endpoints.
- To enable end-to-end encryption, meeting hosts on free accounts must verify their phone number with a code delivered by SMS. Those attendees who have already verified their phone numbers will not have to do so.
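Before locking E2EE on for an account or group, it helps to know which endpoints would be shut out of those meetings. The following added example (not Zoom's code) applies the minimum versions and unsupported endpoint types listed above to a client inventory; the inventory format, endpoint labels and sample rows are assumptions constructed for illustration.

```python
# Minimum versions and unsupported endpoint types are taken from this page;
# the inventory format, labels and sample rows are constructed for illustration.
MIN_VERSION = {
    "windows": (5, 4, 0), "macos": (5, 4, 0), "linux": (5, 4, 0),
    "android": (5, 4, 0), "ios": (5, 4, 0),
    "zoom-rooms-pc": (5, 2, 2), "zoom-rooms-macos": (5, 2, 2),
    "zoom-rooms-appliance": (5, 2, 2),
}
UNSUPPORTED = {"telephone", "sip-h323", "on-premise", "web-client",
               "web-sdk", "lync-skype"}


def parse_version(text):
    """Turn '5.4.0' or '5.3.2 (52879)' into a comparable 3-tuple of ints."""
    parts = [int(p) for p in text.split()[0].split(".")[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def e2ee_blockers(inventory):
    """Return {user: reason} for endpoints that could not join an E2EE meeting."""
    blocked = {}
    for user, platform, version in inventory:
        platform = platform.lower()
        if platform in UNSUPPORTED:
            blocked[user] = f"{platform} cannot be encrypted end-to-end"
        elif platform not in MIN_VERSION:
            blocked[user] = f"unrecognized endpoint type {platform!r}"
        else:
            try:
                ok = parse_version(version) >= MIN_VERSION[platform]
            except (ValueError, IndexError):
                ok = False  # empty or malformed version: treat as not ready
            if not ok:
                need = ".".join(map(str, MIN_VERSION[platform]))
                blocked[user] = f"{platform} {version!r} is below {need}"
    return blocked

# Constructed sample inventory: (user, endpoint type, reported client version).
SAMPLE = [
    ("alice", "Windows", "5.4.0"),
    ("bob", "macOS", "5.3.2 (52879)"),
    ("room-12", "zoom-rooms-appliance", "5.2.2"),
    ("carol", "sip-h323", ""),
    ("dave", "Linux", "5.10"),  # numeric compare: 5.10 is newer than 5.4.0
]

if __name__ == "__main__":
    for user, reason in e2ee_blockers(SAMPLE).items():
        print(f"{user}: {reason}")
```

Versions are compared as integer tuples because a plain string comparison would rank "5.10" below "5.4.0".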
Enabling end-to-end encryption for meetings
We recommend that you use end-to-end encryption only for meetings that need additional protection, since end-to-end encryption is currently in technical preview and disables a number of features. After you enable E2EE, you can choose the default encryption type.
Account
To enable E2EE meetings for all users in the account:
- Sign in to the Zoom web portal as an admin with the privilege to edit account settings.
- Select Account Settings from the navigation panel.
- Select Meetings.
- Under Security, verify that Allow use of end-to-end encryption is enabled.
- If the setting is disabled, turn on the toggle to enable it. Click Turn On if a verification dialog appears.
- To apply this setting to all users in your account, click the lock icon, then click Lock to confirm.
- Under Security, select the Default encryption type.
- Press Save.
Note: Due to the limitations of E2EE, we recommend using Enhanced encryption as the default encryption type and using end-to-end encryption for meetings where additional protection is required.
Group
Note: If you registered for a new Zoom account after August 21, 2021, or if the New Admin Experience is enabled on your account, the Group Management page has been renamed to Groups.
To enable E2EE meetings for a group of users:
- Sign in to the Zoom web portal as an admin with the privilege to edit groups.
- Click User Management on the navigation panel, and then click Group Management.
- From the list of groups, select the group you wish to edit by clicking the Settings icon.
- Select the Meetings tab.
- Under Security, make sure that Allow use of end-to-end encryption is enabled.
- If the setting is disabled, click the toggle to enable it. If a verification dialog appears, click Turn On to confirm the change.
Note: A grayed-out option has been locked at the account level and must be changed there.
- To make the setting mandatory for all users in the group, click the lock icon, then click Lock to confirm the setting.
- Under Security, select the Default encryption type.
- Press the Save button when you’re done.
Note: We recommend setting Enhanced encryption as the default encryption type and using end-to-end encryption for meetings that need to be protected even further.
User
To enable E2EE meetings for your own use:
- Sign in to the Zoom web portal.
- Click Settings in the navigation panel.
- Select Meetings.
- Make sure that the Allow use of end-to-end encryption option is checked under Security.
- Click the toggle button to enable this option if it is disabled. Then, if a dialog box appears to verify the change, click Turn On to confirm the change.
Note: A grayed-out option means it has been locked at the account or group level. Contact your Zoom admin.
- Under Security, select the Default encryption type.
- Save your changes.
Note: Due to the limitations of E2EE, we recommend you set the default encryption to Enhanced and use end-to-end encryption for meetings where there is an additional need for protection.
How to use end-to-end encryption for meetings
After you join the meeting, look for the green shield icon in the upper left corner of the meeting window.
The meeting host can also read the security code aloud so that participants can verify that their codes match.
Frequently asked questions
What level of encryption does Zoom provide?
Zoom’s end-to-end encryption uses public key cryptography. The keys for each Zoom meeting are generated by the participants, not by Zoom’s servers. Zoom’s servers are unable to decrypt encrypted data relayed through them, as they lack the necessary key. This key management strategy is similar to that of most messaging platforms today that support end-to-end encryption.
What is E2EE used for?
E2EE is ideal for when you need enhanced privacy and data protection for your meetings. It provides an extra layer of protection to minimize risk and protect sensitive meeting content. Despite the added security provided by E2EE, this first version of E2EE still has some limitations regarding Zoom functionality (more on that below). Zoom users should consider whether these features will be needed before enabling this version of E2EE.
Is it possible to try all the features of a Zoom meeting?
Not yet. This version of Zoom’s E2EE disables certain features in your meetings, such as join before host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions*.
*Note:
With version 5.5.0, these features are supported in E2EE meetings for desktop, mobile, and Zoom Rooms.
Do free Zoom users have access to end-to-end encryption?
Absolutely. All Zoom accounts, including free and paid ones, can host or join an E2EE meeting from Zoom’s desktop client or mobile app, or from a Zoom Room. This is possible if your account settings permit it.
How is this different from Zoom’s enhanced GCM encryption?
By default, audio, video, and application sharing (for example, screen sharing, whiteboarding) in Zoom meetings and webinars are encrypted using 256-bit AES GCM in transit between Zoom applications, clients, and connectors. In a meeting without E2EE enabled, audio and video content is not decrypted until it reaches the recipients, but Zoom’s servers generate and manage the encryption keys for every meeting. In a meeting with E2EE enabled, Zoom’s servers do not have access to the encryption keys.
How do I verify that my meeting is protected by end-to-end encryption?
Meeting screens will display a green shield logo in the upper left corner. The logo contains a padlock to indicate that the meeting uses E2EE. The padlock replaces the checkmark found in our 256-bit AES GCM encryption symbol.
Participants will also see a security code that they can use to verify the secure connection. This code can be read out loud by the host, and all participants can check that the same code is displayed on their clients.
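Why reading the security code aloud is a meaningful check, as an added illustration that is not Zoom's code or protocol: each client derives a short code from the participant keys it was given, so a client that received a substituted key displays a different code from the one the host reads out. The derivation (SHA-256 over sorted stand-in keys), the function names and the sample keys are assumptions made for this example.

```python
import hashlib

# Generic illustration only: this derivation is an assumption, not Zoom's scheme.


def security_code(meeting_id, public_keys, groups=4, digits=5):
    """Derive a short decimal code from the keys a client believes are in the meeting."""
    h = hashlib.sha256(meeting_id.encode())
    for key in sorted(public_keys):                  # independent of join order
        h.update(len(key).to_bytes(2, "big") + key)  # length-prefix each key
    digest = h.digest()
    chunks = [int.from_bytes(digest[i * 4:(i + 1) * 4], "big") % 10 ** digits
              for i in range(groups)]
    return " ".join(f"{c:0{digits}d}" for c in chunks)


def mismatched_clients(meeting_id, views, host):
    """Return participants whose displayed code differs from the host's spoken code."""
    spoken = security_code(meeting_id, views[host])
    return sorted(name for name, keys in views.items()
                  if security_code(meeting_id, keys) != spoken)


def demo():
    # Constructed 32-byte stand-ins for participant public keys.
    alice, bob, carol = b"\x01" * 32, b"\x02" * 32, b"\x03" * 32
    swapped = b"\xee" * 32  # a key that does not belong to any participant
    honest = {
        "alice": [alice, bob, carol],
        "bob": [bob, carol, alice],
        "carol": [carol, alice, bob],
    }
    # Carol's client was handed a swapped key in place of Bob's.
    tampered = dict(honest, carol=[alice, swapped, carol])
    return (mismatched_clients("meeting-1", honest, "alice"),
            mismatched_clients("meeting-1", tampered, "alice"))


if __name__ == "__main__":
    print(demo())
```

A short code only protects participants who actually compare it, which is why the host reads it aloud rather than relying on each client to display it silently.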
How will you continue to provide a safe and secure platform?
At Zoom, we put the safety and trust of our users as our top priority. Our implementation of E2EE will allow us to continually enhance the safety of the platform. Users seeking access to E2EE will be required to participate in a one-time verification process, during which the user will be prompted to enter additional information, such as confirming their phone number via text message. The majority of leading companies take similar steps in order to reduce the number of accounts that are created on a mass scale. As users become more familiar with what risk-based authentication is and how it affects their safety, and together with our work with human rights organizations and organizations supporting children’s safety, the ability to lock down a meeting, report abuse, and the variety of other features provided in our security icon, we are confident we will continue to improve the safety of our users.
What is the rest of the timeline for E2EE?
In Phase 2, which is tentatively planned for 2021, we will introduce better identity management and E2EE SSO integration.