Setting up advanced chat encryption

Advanced chat encryption will securely send chat messages between Zoom users. Encrypted messaging encrypts all chat messages using TLS 1.2 with Advanced Encryption Standard (AES) 256-bit algorithm.

This article covers:

• Differences when advanced chat encryption is enabled and disabled
• Limitations after enabling advanced chat encryption 
  • User
  • Admin
• How to enable advanced chat encryption
• How to use encrypted chat
  
  • Troubleshooting failures to decrypt messages

Prerequisites for using advanced team chat encryption

• Zoom desktop client for Windows, macOS, or Linux: Global minimum version or higher
• Zoom mobile app for Android or iOS: Global minimum version or higher

Differences when advanced chat encryption is enabled and disabled

When advanced chat encryption is enabled:

• Data at rest: Content is encrypted by keys generated & operated on chat participants' devices.
• Data in transit: Chat is encrypted in transit using TLS

When advanced chat encryption is disabled:

• Data at rest: Chat content is encrypted by keys generated and operated on our AWS server with AWS KMS.
• Data in transit: Chat is encrypted in transit using TLS

Limitations after enabling advanced chat encryption 

After you enable advanced chat encryption, users and admins can't use these chat features:

User

• Send animated GIFs
• View files/images in the right-side panel (click the info icon  to display this panel)
• Edit sent messages
• View message previews in chat notifications
• Bookmark chat messages
• Search chat history**
• See link previews for chat messages with URLs**
  Note: Link previews are disabled by default but can be enabled by admins.
• Send interactive cards when using a Zoom App in Team Chat
  Note: Plain text is provided instead of the interactive card.
• Setting a reminder for messages with advanced encryption

Admin

• View message text in chat history
  Note: Admins can still see:
  • Metadata such as chat participants, file name, size, and the date/time of the message sent
  • Reactions to the messages
  • External messages received if advanced chat encryption is disabled in the external account

**Note: Link previews and chat history search are supported if using version 5.8.0 or higher for Windows, macOS, Android, and iOS. 

How to enable advanced chat encryption

To enable the advanced chat encryption for all members of your organization:

1. Sign in to the Zoom web portal.
2. In the navigation panel, click Account Management then Account Settings.
3. Click the Team Chat tab.
4. Verify that the Enable advanced chat encryption option is enabled.
   If the setting is disabled, click the toggle to enable it. If a verification dialog displays, choose Turn On to verify the change.
5. (Optional) If enabling advanced chat encryption, select the Enable link preview check box to enable link previews.
   When enabled, link previews will be shown to users who send or receive chat messages with links. The local application will detect the link in the sender's message before it is encrypted, and the preview will be shared between the sender and recipient. Only URLs are detected by this link preview feature and they must match http:// or https:// followed by a non-empty space. This feature is disabled by default.

How to use encrypted chat

After enabling advanced chat encryption, chats in the Zoom desktop client and mobile app tab will display a lock icon  to indicate that advanced chat encryption is enabled.

Users will not see the encrypted chat until they open Zoom. Notifications (including those on the lock screen) will state that they have received an encrypted chat. 

Troubleshooting failures to decrypt messages

When using advanced chat encryption, there may be situations where a sent message cannot be decrypted and viewed. This is often due to both users not being connected at the same time and thus unable to share the key that is used to decrypt the message. As soon as both users are online, the key will be automatically shared between them and the message decrypted. 

If a message is sent and the user clears their chat messages or uninstalls the Zoom client before the message is decrypted and viewed, then the key that was used to encrypt the message(s) is lost and cannot be recovered. This means that the sent message cannot be decrypted, as the key to do so no longer exists on either device.