How to enable end-to-end encryption while real-time co-editing in ONLYOFFICE Workspace
ONLYOFFICE Workspace is an open-source self-hosted solution for team management and collaboration which includes:
- ONLYOFFICE Docs - online editors for text documents, spreadsheets, and presentations (AGPL v.3).
- ONLYOFFICE Groups - online collaboration platform which comprises tools for managing documents, projects, customers, and emails along with the admin panel for platform configuration (Apache 2.0).
- ONLYOFFICE Mail Server - a solution to create corporate mailboxes and manage them (GPL v.2).
- ONLYOFFICE XMPP Server - an app to exchange instant messages (GPL v.2).
In this tutorial, we’ll learn how to enable Private Rooms for encrypted real-time co-editing in ONLYOFFICE Workspace.
What are Private Rooms
In ONLYOFFICE, Private Rooms are protected workplaces for encrypted collaboration where every symbol you type is encrypted using the AES-256 algorithm.
Private Rooms work via the ONLYOFFICE desktop app’s interface to encrypt and decrypt the data on the client and make the security endpoint.
Unlike other cloud services or virtual rooms that provide strong file encryption but don’t offer any integrated editing tools, ONLYOFFICE allows secure document editing and collaboration. In Private Rooms, all data is encrypted locally on the machine and transferred to the server in an encrypted form.
ONLYOFFICE allows you not only to encrypt your documents to store them but also to securely share and co-edit docs in real time. All the documents you work with in Private Rooms are encrypted once created or uploaded. All inputs made by co-authors including objects, images, etc. are encrypted on one end, transferred to the server in an encrypted form and then decrypted on the other.
The encryption data is automatically generated and transferred and is encrypted itself. And you don’t have to keep or remember any passwords.
What actions are allowed/restricted in Private Rooms
You are able to:
- Create and upload files (.docx, .xlsx, .pptx)
- Browse your protected files and files shared with you
- Create folders
- Move your files within a Private Room
- Delete files permanently
- Share files with users who have encryption credentials
- Co-edit documents
You are NOT able to:
- Copy files
- Move shared files
- Move files outside the Private Room
- Share files with users without encryption credentials
- Upload folders
- Overwrite files by moving or uploading
- Restore file versions
Step 1: Enable Private Rooms
If you’re new to ONLYOFFICE Workspace, follow this HowtoForge tutorial to install it on your Ubuntu machine using the provided script.
Once you have it installed, check if Private Rooms are enabled (as a rule, this feature is enabled by default).
Launch your ONLYOFFICE Workspace and enter the Documents module - there you will see a Private Room folder. If not, activate it in the Control Panel:
Step 2: Install ONLYOFFICE desktop app
The next step is to install the latest version of the free open-source ONLYOFFICE Desktop Editors used to encrypt and decrypt the data on the client.
From DEB package:
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys CB2DE8E5
Using any available text editor (e.g. nano),
add the following record to the /etc/apt/sources.list file:
deb https://download.onlyoffice.com/repo/debian squeeze main
Then run these commands:
sudo apt-get update
sudo apt-get install onlyoffice-desktopeditors
From snap package:
sudo apt update
sudo apt install snapd
snap install onlyoffice-desktopeditors
Step 3: Connect desktop app to the cloud
Launch the desktop application and connect it to your ONLYOFFICE Workspace. Go to the Connect to cloud section and specify your web office address in the pop-up window:
Once logged in, go to the Private Room section and start editing and co-authoring your documents in a private and secure environment:
That’s all! Private Rooms don’t require any extra components or additional registration to create a new encryption entity. In fact, there is no difference for you as a user between casually editing and collaborating on your documents and working in the encrypted mode.