Overview

By default, all data sent between a client and the Zoom server is encrypted. However, once the data reaches the Zoom server, the server decrypts it and encrypts it again before sending it on to the end user. Although Zoom's Chief Product Officer Oded Gal assures that 'Zoom's staffers do not decrypt at any point before it reaches the receiving clients', that does not rule out the possibility that a third party could.
So essentially, Zoom meetings are encrypted by default, but just not end-to-end. Your meetings are most likely safe, but if you would like to add an extra layer of security, follow the steps outlined in this article.


Caveats

Enabling end-to-end encryption for meetings will require all participants to join from the Zoom desktop client or mobile app. This means that participants cannot join by telephone, SIP/H.323 devices, on-premise configurations, or Lync/Skype clients, as these endpoints cannot be encrypted end to end. Furthermore, Zoom web client and third-party clients leveraging the Zoom SDK are also not supported at launch.


Enabling this setting also disables the following features:

  • Join before host
  • Cloud recording
  • Livestreaming
  • Live transcription
  • Breakout Rooms
  • Polling
  • Meeting reactions*
  • 1:1 private chats*


*Note: As of version 5.5.0 for desktop, mobile, and Zoom Rooms, these features are supported in E2EE meetings.


Prerequisites

Zoom Desktop Client

  • Windows: 5.4.0 or higher
  • macOS: 5.4.0 or higher
  • Linux: 5.4.0 or higher

Zoom mobile app

  • Android: 5.4.0 or higher
  • iOS: 5.4.0 or higher

    Notes:
    Zoom web client and third-party clients leveraging the Zoom SDK are not currently supported.
    Users will not be able to join by telephone, SIP/H.323 devices, on-premise configurations, or Lync/Skype clients, as these endpoints cannot be encrypted end to end.

Firewall and proxy server settings

  • 3.138.115.0/27
  • 44.242.143.128/27
  • Port 443

Enabling end-to-end encryption (E2EE) for meetings

To enable end-to-end encrypted (E2EE) meetings for your own use:
1. Sign in to the Zoom web portal (zoom.us).
2. In the navigation panel, click Settings.
3. Click the Meeting tab.
4. Under Security, verify that Allow use of end-to-end encryption is enabled.
5. If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.
6. Under Security, choose End-to-end encryption and click Save.


Scheduling a meeting with E2EE enabled

You can schedule a meeting in the desktop application, on your mobile phone, or on the web application. You will just notice that a new section called 'Encryption' has been added.

Note: Once E2EE is enabled for your meetings, it applies to all of your future scheduled meetings, and the features mentioned in the 'Caveats' section will be disabled. If you wish to schedule a meeting without E2EE, you must disable E2EE in your meeting settings (see Enabling end-to-end encryption (E2EE) for meetings).


Using E2EE for meetings

Once you’ve joined the meeting, check for the green shield icon in the upper left corner of the meeting window.

The meeting host can also read the security code aloud and the participants can verify that their codes match. If the codes match, it's a safe session!


Frequently Asked Questions

How does Zoom provide end-to-end encryption? 

Zoom’s E2EE offering uses public key cryptography. In short, the keys for each Zoom meeting are generated by participants’ machines, not by Zoom’s servers. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key. This key management strategy is similar to that used by most end-to-end encrypted messaging platforms today.

When would I use E2EE?

E2EE is best for when you want enhanced privacy and data protection for your meetings, and is an extra layer to mitigate risk and protect sensitive meeting content. While E2EE provides added security, some Zoom functionality is limited in this first E2EE version (more on that below). Individual Zoom users should determine whether they need these features before enabling this version of E2EE in their meetings.

Do I have access to all the features of a regular Zoom meeting?

Not right now. Enabling this version of Zoom’s E2EE in your meetings disables certain features, including join before host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat*, and meeting reactions*.
*Note: As of version 5.5.0 for desktop, mobile and Zoom Rooms, these features are supported in E2EE meetings.

Do free Zoom users have access to end-to-end encryption?

Yes. Free and paid Zoom accounts joining from Zoom’s desktop client or mobile app, or from a Zoom Room, can host or join an E2EE meeting.

How is this different from Zoom’s enhanced GCM encryption?

Zoom meetings and webinars by default use AES 256-bit GCM encryption for audio, video, and application sharing (i.e., screen sharing, whiteboarding) in transit between Zoom applications, clients, and connectors. In a meeting without E2EE enabled, audio and video content flowing between users’ Zoom apps is not decrypted until it reaches the recipients’ devices. However, the encryption keys for each meeting are generated and managed by Zoom’s servers. In a meeting with E2EE enabled, nobody except each participant – not even Zoom’s servers – has access to the encryption keys being used to encrypt the meeting.
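
A simplified sketch of the key management described in this FAQ and of the security-code check under 'Using E2EE for meetings', added here as an illustration; it is not Zoom's code or its actual protocol. The function names, the HKDF label, and the way the security code is derived are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Each participant generates a key pair on their own machine, not on the server.
function newParticipant() {
  return crypto.generateKeyPairSync('x25519');
}

// Derive a 256-bit AES key from my private key and the peer's public key.
function meetingKey(myPrivate, peerPublic) {
  const shared = crypto.diffieHellman({ privateKey: myPrivate, publicKey: peerPublic });
  return Buffer.from(crypto.hkdfSync('sha256', shared, Buffer.alloc(0), 'demo-meeting-key', 32));
}

// AES-256-GCM, the cipher the article names; packet layout is iv || tag || ciphertext.
function seal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), body]);
}

function open(key, packet) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, packet.subarray(0, 12));
  d.setAuthTag(packet.subarray(12, 28));
  return Buffer.concat([d.update(packet.subarray(28)), d.final()]).toString('utf8');
}

// Hypothetical security code: a hash of the public keys a client sees, shown as
// 8 digits. The article does not describe how Zoom derives its real code.
function securityCode(pubA, pubB) {
  const raw = [pubA, pubB].map(k => k.export({ type: 'spki', format: 'der' })).sort(Buffer.compare);
  const digest = crypto.createHash('sha256').update(Buffer.concat(raw)).digest();
  return (digest.readUInt32BE(0) % 1e8).toString().padStart(8, '0');
}

// The relay only forwards packets. Without a participant's private key it can
// only try a key of its own, and GCM authentication rejects that.
function relayCanRead(packet) {
  try { open(crypto.randomBytes(32), packet); return true; } catch { return false; }
}
```

If a relay replaced one participant's public key with its own, the two clients would hash different key sets and the codes read aloud would not match, which is what the verification step detects.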


For more information about Zoom's development of E2EE, refer to the following page:
https://blog.zoom.us/zoom-rolling-out-end-to-end-encryption-offering/