Overview

End-to-end (E2E) encryption for meetings is now available in technical preview.  Enabling end to end encryption for meetings requires all meeting participants to join from the Zoom desktop client, mobile app, or Zoom Rooms.

Enabling this setting also disables the following features: join before host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions.

Enabling end-to-end encryption for meetings

Because end-to-end encryption is in technical preview and disables several other features, we recommend using E2E only for meetings where additional protection is needed. After enabling E2E, you can choose your default encryption type.

To enable End-to-end (E2E) encrypted meetings for your own use:

1.  Sign in to the notredame.zoom.us portal.

2.  In the navigation panel, click Settings.

3.  Click the Meeting tab.

4.  Under Security, verify that Allow use of end-to-end encryption is enabled.

5.  If the setting is disabled, click the toggle to enable it. If a verification dialog displays, click Turn On to verify the change.

6.  Under Security, choose the default encryption type.

7.  Click Save.
Note: Because of the limitations of E2E, we recommend using Enhanced encryption as the default encryption type and using end-to-end encryption for meetings where additional protection is required.

Using end-to-end encryption for meetings

After enabling end-to-end encryption for meetings, meetings you schedule going forward will follow your default choice for encryption.  If you would like to schedule a meeting with the non-default encryption method, you may choose so at the time of scheduling the meeting.

Once you’ve joined the meeting, check for the green shield icon  in the upper left corner of the meeting window.

The meeting host can also read the security code aloud and the participants can verify that their codes match.

FAQ from Zoom when using end-to-end encryption for meetings

How does Zoom provide end-to-end encryption?
Zoom’s E2EE offering uses public key cryptography. In short, the keys for each Zoom meeting are generated by participants’ machines, not by Zoom’s servers. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key. This key management strategy is similar to that used by most end-to-end encrypted messaging platforms today.

When would I use E2EE?
E2EE is best for when you want enhanced privacy and data protection for your meetings, and is an extra layer to mitigate risk and protect sensitive meeting content. While E2EE provides added security, some Zoom functionality is limited in this first E2EE version (more on that below). Individual Zoom users should determine whether they need these features before enabling this version of E2EE in their meetings.

Do I have access to all the features of a regular Zoom meeting?
Not right now. Enabling this version of Zoom’s E2EE in your meetings disables certain features, including join before host, cloud recording, streaming, live transcription, Breakout Rooms, polling, 1:1 private chat, and meeting reactions.

How is this different from Zoom’s enhanced GCM encryption?
Zoom meetings and webinars by default use AES 256-bit GCM encryption for audio, video, and application sharing (i.e., screen sharing, whiteboarding) in transit between Zoom applications, clients, and connectors. In a meeting without E2EE enabled, audio and video content flowing between users’ Zoom apps is not decrypted until it reaches the recipients’ devices. However, the encryption keys for each meeting are generated and managed by Zoom’s servers. In a meeting with E2EE enabled, nobody except each participant – not even Zoom’s servers – has access to the encryption keys being used to encrypt the meeting.

How do I verify that my meeting is using end-to-end-encryption?
Participants can look for a green shield logo in the upper left corner of their meeting screen with a padlock in the middle to indicate their meeting is using E2EE. It looks similar to our GCM encryption symbol, but the checkmark is replaced with a lock. 

Participants will also see the security code that they can use to verify the secure connection. The host can read this code out loud, and all participants can check that their clients display the same code.