Unverified Commit be6d8a77 authored by Markus Kirsch's avatar Markus Kirsch Committed by gitbook-bot
Browse files

GitBook: [master] 658 pages modified

parent 346eee95
......@@ -202,9 +202,9 @@
* [Tags](guides/omnichannel-guides/omnichannel-manger-guides/tags.md)
* [Priorities](guides/omnichannel-guides/omnichannel-manger-guides/priority-queue.md)
* [Security and Compliance Guides](guides/security/README.md)
* [End-to-End Encryption Algorithms](guides/security/end-to-end-encryption-algorithms.md)
* [Security fixes and updates](guides/security/security-updates.md)
* [Compliance Resources and Certifications](guides/security/compliance-resources.md)
* [Security fixes and updates](guides/security/security-updates.md)
* [End-to-End Encryption Specifications](guides/security/end-to-end-encryption-algorithms.md)
* [Developer Guides](guides/developer/README.md)
* [Quick Start on Linux](guides/developer/quick-start.md)
* [Developing on Windows 10](guides/developer/developing-on-windows-10.md)
......@@ -5,7 +5,7 @@ description: >-
and supplements the user guide.
# End-to-End Encryption Algorithms
# End-to-End Encryption Specifications
## Encryption Process Overview
......@@ -181,6 +181,30 @@ Each route directly corresponds to one server DDP method described above. These
`POST e2e.emptyKeychain()`
`POST e2e.updateGroupE2EKey(uid, rid, key)`
`POST e2e.updateGroupE2EKey(uid, rid, key)`
## Push Notifications of End-to-End encrypted messages
Push Notifications for messages of an E2EE room just contain the encrypted payload of a message, the job of decrypting this content before shown is done locally by the mobile clients \(iOS/Android\).
### Process
Push notifications are sent by the server. The server however doesn't store the unencrypted content of any message from a E2EE room, because only the encrypted string is stored on the server. These encrypted strings only can be decrypted using the private key of a user that is stored locally on clients.
When a new push notification from a E2EE message arrives, it has a messageType: '`e2e`'. The mobile client then starts the process of decrypting the message that is within the push payload, checking for the locally stored private key of a user and the E2EE key of the room that the message came from. If both are found, the message is the decrypted locally on the device and then shows the plaintext message. In this process, only the encrypted message content passed via the push notification gateways.
This feature is available in our **Community Edition.**
### Fetching full message content from server on receipt \(Enterprise Edition only\)
To add an additional layer of security, there exists another feature for push notifications:
`Fetch full message content from the server on receipt`
This means to request the push message content from the server to display it and it does not pass any message content - encrypted or not - via Google/Apple/other push gateways. Instead, the message content itself is fetched by and within the Rocket.Chat client itself. What passes via the gateways is only the information, that a new message should be fetched and then shown as a push notification. Once this is received by the client, the client will fetch the content. This way you can prevent that the message content \(even in encrypted form\) passes via a separate gateway.
Note: This feature is **Enterprise Edition only**.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment