Why ONLYOFFICE is the safest way to work on docs
Unbreakable document encryption
ONLYOFFICE uses the AES-256 algorithm to encrypt documents with brute force-resistant keys. To exhaust this encryption, 50 supercomputers would need around 3×1051 years.
Encrypted real-time co-editing
ONLYOFFICE encrypts the data transfer while collaborating on documents online. This prevents outsiders from being able to read or understand the changes you or your co-authors make.
No manual actions with passwords
You don’t need to invent, send or enter any passwords: they are generated automatically on-device and transferred in encrypted form when sharing the document.
Entirely private storage
Every bit of information in a Private Room is encrypted. Copying, moving, versioning, and re-writing are not possible to keep data safe under all circumstances.
How it works
Private Room works via the
ONLYOFFICE Desktop Editors interface to encrypt and decrypt the data on the client and make the security endpoint.
1. Getting encryption key pair
Upon the first login to the cloud, the desktop app generates a pair of keys for the user, private and public, and remembers them.
The private key is encrypted with the user’s password and stored together with the public key in the user database in ONLYOFFICE.
2. Encrypting documents
At the moment, you can encrypt DOCX, XLSX, and PPTX files in a Private Room.
After a user places a document or saves the newly-created one within a Private Room, the data is encrypted with 256-bit password generated automatically within the app.
This password is then encrypted with a public key of the user.
The pair of passwords for the encrypted document and the public keys of all users with access are recorded in the unencrypted part of the file together with the encrypted document contents.
The resulting file is stored in a Private Room in the ONLYOFFICE cloud.
When accessing the encrypted file, the user’s instance of ONLYOFFICE Desktop Editors decrypts the file key using their private key, and opens the file.
3. Sharing and collaborating on documents
When a user shares a protected file, the file key is encrypted with the public keys of all users with access to the file. On their machines, it is decrypted using their private keys.
In co-editing, each user’s inputs are individually encrypted and shared using the above-mentioned asymmetric encryption in transfer.
What you can and can’t do in a Private Room
To make sure your data is safe, some actions are restricted in Private Rooms.
Create and upload files
Copy files
Browse your protected files and files
shared with you
Move files shared with you
Create folders
Move files to bin or outside the Private Room
Move your files within a Private Room
Upload folders
Delete files permanently
Overwrite files by moving or uploading
Share files with users who have encryption
credentials
Restore file versions
Co-edit files
Share files with users without encryption
credentials
Create and upload files
Browse your protected files and files shared with you
Create folders
Move your files within a Private Room
Delete files permanently
Share files with users who have encryption credentials
Co-edit files
Copy files
Move files shared with you
Move files to bin or outside the Private Room
Upload folders
Overwrite files by moving or uploading
Restore file versions
Share files with users without encryption credentials
Getting started
Step 1. Deploy the latest version of ONLYOFFICE Workspace (
Community and
Enterprise editions) on your own server.
Step 2. Enable Private Rooms in the Portal Settings of Control Panel.
Step 3. Install the latest version of
ONLYOFFICE Desktop Editors.
Step 4. Connect the desktop application to the ONLYOFFICE instance in the Connect to cloud section.
Step 5. Go to the Private Room section and start editing and co-editing your documents privately.
ONLYOFFICE Private Rooms
ONLYOFFICE Docs
Protect your sensitive documents with ONLYOFFICE now
Try now
Frequently Asked Questions
- What are the scenarios for using Private Rooms?
Private Rooms are the space where every piece of data is encrypted, including the states of storage, editing and collaboration. We recommend using Private Rooms for working with all sensitive documents, as the feature provides ultimate protection of data even against unauthorized actors who have access to the document management system or the server itself.
- What is "Encrypted real-time co-editing”?
Private Rooms mechanics include document collaboration in the encrypted form. Every change made to the document is encrypted separately using the same algorithm, sent over to the server, and decrypted on the collaborator’s machine.
- Does each user have their own key or does each document have its own key? How are the encryption keys generated?
Each user has a personal key pair used in asymmetric encryption of the file encryption key. Each file receives its own encryption key when it is being encrypted. The keys are generated by the application using a number of variables derived from the user password, installation ID, and other sources. Key generation is explained in the White Paper.
-
How are the file encryption keys in Private Rooms stored and protected?
The encryption keys of each file are encrypted and decrypted on the machine using asymmetric encryption and stored in the encrypted form within the file system.
-
How are the encryption keys distributed between the users when a file is shared?
When you share a file in the Private Rooms, the encryption key is encrypted using the recipient’s public key. The received file is then decrypted on their machine with their private key when the user opens it.
- Is there a master key for all the encrypted files?
We do not use master keys in document encryption. The asymmetric encryption with personal RSA key pairs used in ONLYOFFICE is a more reliable method that also enables encrypted collaboration.