Using end-to-end encryption (E2EE) in Zoom meetings
If enabled in the Zoom web portal, end-to-end encryption (E2EE) provides additional protection for your Zoom meetings. E2EE for meetings requires all meeting participants to join from the Zoom desktop app, mobile app, or Zoom Rooms.
Meeting hosts on free accounts can also enable and use E2EE, but will need to verify their phone number via a code sent to them using SMS. Other participants do not need to verify their phone number.
Requirements for using end-to-end encryption during meetings
When E2EE is enabled in the Zoom web portal, it will be enabled in a meeting when all participants meet the necessary prerequisites.
Post-quantum end-to-end encryption (PQ E2EE) requires all meeting participants to be on Zoom desktop or mobile app version 6.0.10 or higher or Zoom Rooms version 6.1.0 or higher. If all meeting participants meet the prerequisites for post-quantum end-to-end encryption, it will automatically be used in the meeting. If some meeting participants do not meet this minimum version requirement, then standard end-to-end encryption will be used instead.
Standard end-to-end encryption (E2EE)
Note: If all meeting participants are on version 6.0.10 or higher, PQ E2EE will be used in the meeting.
Post-quantum end-to-end encryption (PQ E2EE)
- Allow use of end-to-end encryption enabled in the Zoom web portal
- Zoom desktop app for Windows, macOS, or Linux: 6.0.10 or higher
- Zoom mobile app for Android or iOS: 6.0.10 or higher
- Zoom Rooms for Conference Room: 6.1.0 or higher
Limitations of end-to-end encryption for meetings
- The Zoom Web App and third-party clients leveraging the Zoom Web SDK are not currently supported. To learn more, refer to the developer documentation for SDKs.
- Users will not be able to join by telephone, SIP/H.323 devices, or on-premise configurations, as these endpoints cannot be encrypted end-to-end.
- Calling out to SIP/H.323 devices from Zoom Rooms will also be disabled.
- E2EE meetings are limited to 1000 meeting participants. Learn more about meeting participant limits.
- Enabling E2EE will disable the following in-meeting features:
- AI Companion features
- Breakout rooms*
*Note: If you want to use breakout rooms in end-to-end encrypted meetings, submit a request to Zoom Support to have this feature enabled. Each breakout room will have its own unique meeting encryption key. - Cloud recording
- Continuous meeting chat
- Live streaming
- Live transcription
- Polling and Surveys
- Zoom Apps
- Zoom Notes
- Zoom Whiteboard
How to use and identify encryption in meetings
Identify the shield icon in the meeting window
The type of encryption in a meeting is represented by the shield icon at the top of the meeting window. To confirm what type of encryption a meeting is using, click the shield icon to display meeting information, including the encryption type.
The following table details what each of the encryption shield icons represent.
Icon shown in meeting | Icon description | Meeting encryption type | Encryption type displayed in meeting information |
---|
| Green shield with padlock | End-to-end encryption (including standard and post-quantum end-to-end encryption) | End-to-end encrypted or Post-quantum end-to-end encrypted |
| Green shield with check mark | Enhanced encryption (not end-to-end encrypted) | Enhanced |
| Orange shield with exclamation point | Partial encryption (not end-to-end encrypted; one or more endpoints in the meeting does not support encryption) | Enhanced (with notation for number of exceptions) |
Verify security codes for end-to-end encrypted meetings
In addition to identifying the shield icon that appears in the meeting window, the meeting host should also read the security code aloud and the meeting participants can verify that their codes match. Participants will see the security code that they can use to verify the secure connection.
- On a supported Zoom app or device, start an end-to-end encrypted meeting as the host.
- Click or tap the shield icon at the top of the meeting window.
Meeting information will be displayed. - If end-to-end encryption is enabled, click or tap the Verify link to view the security codes.
- Read the security codes to all of the meeting participants. Participants should verify that their codes match.
Frequently asked questions about end-to-end encryption for Zoom meetings
How does Zoom provide end-to-end encryption?
Zoom’s E2EE offering uses public key cryptography. In short, the keys for each Zoom meeting are generated by participants’ machines, not by Zoom’s servers. Encrypted data relayed through Zoom’s servers is indecipherable by Zoom, since Zoom’s servers do not have the necessary decryption key. This key management strategy is similar to that used by most E2EE messaging platforms today.
When would I use E2EE?
E2EE is best for when you want enhanced privacy and data protection for your meetings, and is an extra layer to mitigate risk and protect sensitive meeting content. While E2EE provides added security, some Zoom functionality is limited. Individual Zoom users should determine whether they need these features before enabling E2EE in their meetings.
Do I have access to all the features of a regular Zoom meeting when E2EE is enabled?
No. Enabling Zoom’s E2EE in your meetings disables certain features, such as join before host, cloud recording, Zoom Whiteboard, AI Companion features, streaming, live transcription, polling, and more. Learn more about the limitations of E2EE.
Do free Zoom users have access to E2EE?
Yes, free and paid Zoom accounts joining directly from Zoom’s desktop or mobile app, or from a Zoom Room, can host or join an E2EE meeting if enabled in the Zoom web portal.
How is end-to-end encryption different from Zoom’s enhanced encryption?
By default, Zoom meetings and webinars use 256-bit AES GCM encryption for real-time audio, video, and shared content in transit between participants using the Zoom client.
In a meeting without E2EE enabled, audio and video content flowing between users’ Zoom apps is not decrypted until it reaches the recipients’ devices. However, the encryption keys for each meeting are generated and managed by Zoom’s servers.
In a meeting with E2EE enabled, nobody except each participant not even Zoom’s servers has access to the encryption keys being used to encrypt the meeting. For additional technical details regarding our end-to-end encryption design, see our cryptography whitepaper.
What’s the difference between standard end-to-end encryption and post-quantum end-to-end encryption?
Post-quantum end-to-end encryption (PQ E2EE) offers the same security property as end-to-end encryption (E2EE), namely that only the meeting participants, and not even Zoom’s server, have access to the keys used to encrypt the meeting. Unlike the latter, PQ E2EE in Zoom Meetings is designed to withstand the threat of an adversary who can capture encrypted network traffic, hoping to acquire a quantum computer in the future and use it to decrypt the captured data. As users upgrade their Zoom desktop and mobile app to version 6.0.10 or higher, all end-to-end encrypted meetings will start leveraging our latest PQ E2EE protocol.
Note: Zoom’s post-quantum end-to-end encryption is not designed to defend against potential attacks that would require the current existence of a quantum computer capable of breaking classical cryptography at the time a meeting takes place. Zoom is closely monitoring advancements in this space, and preparing for further protocol updates once this becomes a more concrete threat. See our cryptography whitepaper for more details.
How can I verify that my meeting is using end-to-end-encryption?
Learn how to use and identify meeting encryption.
How can account owners or admins verify that a meeting is using end-to-end-encryption?
Account owners and admins on Business or Enterprise plans can access the Dashboard for meetings, locate a meeting, then view the Encryption column to see if a specific meeting has E2EE. Hover over the icon in the Encryption column to view encryption details.
How will Zoom continue to provide a safe and secure platform?
Zoom’s top priority is the trust and safety of our users, and our implementation of E2EE is an important part of how we continue to enhance safety on our platform. Users on free Zoom accounts seeking access to E2EE must participate in a one-time verification process that will prompt the user for additional pieces of information, such as verifying a phone number via text message. Many leading companies perform similar steps to reduce the mass creation of abusive accounts. By implementing risk-based authentication, in combination with additional in-meeting security options — including meeting hosts’ ability to lock down a meeting, suspend participant activities, report abuse, and a myriad of other settings — we can continue to enhance the safety of our users and their meetings.
E2EE is best for when you want enhanced privacy and data protection for your meetings, and is an extra layer to mitigate risk and protect sensitive meeting content. While E2EE provides added security, some Zoom functionality is limited. Individual Zoom users should determine whether they need these features before enabling E2EE in their meetings.