Advanced chat encryption in Zoom App

This post was most recently updated on July 22nd, 2022

Advanced chat encryption secures chat messages between Zoom users. Chat messages are encrypted using the TLS 1.2 protocol with the Advanced Encryption Standard (AES) 256-bit algorithm.

The following topics are covered in this article:

  • Differences when advanced chat encryption is enabled and disabled
  • Limitations after enabling advanced chat encryption
    • User
    • Admin
  • Enabling advanced chat encryption
  • Using encrypted chat
    • Troubleshooting failures to decrypt messages

Prerequisites

  • Zoom desktop client
    • Windows: 4.1.8826.0925 or higher
    • macOS: 4.1.8826.0925 or higher
  • Zoom mobile app
    • Android: 4.1.8855.0925 or higher
    • iOS: 4.1.8855.0925 or higher

Differences when advanced chat encryption is enabled and disabled

When advanced chat encryption is enabled, the following applies:

  • Data at rest: Chat content is encrypted with keys that are generated and operated on the chat participants' devices.
  • Data in transit: TLS is used to encrypt chat content in transit.

When advanced chat encryption is disabled, the following will happen:

  • Data at rest: Chat content is encrypted on our AWS server with AWS Key Management Service (AWS KMS), using keys generated and maintained by our team.
  • Data in transit: TLS is used to encrypt chat messages in transit.

Limitations after enabling advanced chat encryption

The following advanced chat features are no longer available to users and admins once advanced chat encryption has been enabled:

User

  • Sending animated GIFs via email
  • Viewing files/images in the right-side panel (the panel displayed by clicking the info icon)
  • Editing messages that have been sent
  • Viewing a preview of the message in chat notifications
  • Bookmarking chat messages
  • Searching chat history
  • Viewing link previews for chat messages that include URLs
    Note: Link previews are disabled by default, but admins have the option of enabling them.

Admin

  • Viewing the text of sent messages in the chat history
    Note: Admins can still see:
    • Metadata associated with the message, such as the name of the file, its size, and the date and time when it was sent
    • Commentary on the messages that were sent
    • External messages received from an external account where advanced chat encryption has been disabled

Note: Link previews and chat history searches are supported on Windows, macOS, Android, and iOS in version 5.8.0 or higher.

Enabling advanced chat encryption

Note: In Zoom accounts created after August 21, 2021, or in accounts that have the New Admin Experience enabled, IM groups have been merged with groups. Learn how to create groups and change the settings of your groups.

To enable advanced chat encryption for all members of your organization, follow these steps:

  1. Log in to the Zoom web portal by entering your email address and password.
  2. In the navigation panel, click the Account Management link to access IM Management.
  3. Select the IM Settings tab on the left side of the screen.
  4. Enable the advanced chat encryption option by checking the Enable advanced chat encryption box.
    If the setting is disabled, click the toggle to the left of the setting to enable it. A verification dialog will appear; choose Turn On to verify the change.
  5. To enable link previews, select the Enable link preview checkbox. Advanced chat encryption must be enabled first.
    When this option is enabled, link previews are shown to the sender and receiver of a chat message that includes a link. When the sender sends the message, the local application detects the URL in the message and shares the preview with the receiver prior to encrypting the message. This feature detects only URLs that match http:// or https:// followed by a non-empty space. This feature is disabled by default.

Using encrypted chat

If advanced chat encryption is enabled, a lock icon appears on chats in the Zoom desktop client and mobile app. This icon indicates that advanced chat encryption has been enabled in the chat.

When an encrypted chat is received, a notification appears on the lock screen and in the notifications panel, but the user must open Zoom to view the encrypted chat.

Troubleshooting failures to decrypt messages

A message sent using advanced chat encryption sometimes cannot be decrypted and viewed. This tends to happen because the users are not online at the same time and are therefore unable to share the key needed to decrypt the message. Once both users are online, the key is shared between them automatically and the message is decrypted.

If the user clears their chat messages or uninstalls the Zoom client before the message is decrypted and viewed, the key used to encrypt the message is lost and cannot be recovered. Because the key to decrypt the sent message no longer exists on either device, the message can no longer be decrypted.