Keep your documents encrypted, always

Meet ONLYOFFICE Private Rooms where every symbol you type is encrypted end-to-end

Why ONLYOFFICE is the safest way to work on docs

Unbreakable document encryption

ONLYOFFICE uses the AES-256 algorithm to encrypt documents with brute force-resistant keys. To exhaust this encryption, 50 supercomputers would need around 3×1051 years.

Encrypted real-time co-editing

ONLYOFFICE encrypts the data transfer while collaborating on documents online. This prevents outsiders from being able to read or understand the changes you or your co-authors make.

No manual actions with passwords

You don’t need to invent, send or enter any passwords: they are generated automatically on-device and transferred in encrypted form when sharing the document.

Entirely private storage

Every bit of information in a Private Room is encrypted. Copying, moving, versioning, and re-writing are not possible to keep data safe under all circumstances.

How it works

Private Room works via the ONLYOFFICE Desktop Editors interface to encrypt and decrypt the data on the client and make the security endpoint.

1. Getting encryption key pair

Upon the first login to the cloud, the desktop app generates a pair of keys for the user, private and public, and remembers them.
The private key is encrypted with the user’s password and stored together with the public key in the user database in ONLYOFFICE.

2. Encrypting documents

At the moment, you can encrypt DOCX, XLSX, and PPTX files in a Private Room.
After a user places a document or saves the newly-created one within a Private Room, the data is encrypted with 256-bit password generated automatically within the app.
This password is then encrypted with a public key of the user.
The pair of passwords for the encrypted document and the public keys of all users with access are recorded in the unencrypted part of the file together with the encrypted document contents.
The resulting file is stored in a Private Room in the ONLYOFFICE cloud.
When accessing the encrypted file, the user’s instance of ONLYOFFICE Desktop Editors decrypts the file key using their private key, and opens the file.

3. Sharing and collaborating on documents

When a user shares a protected file, the file key is encrypted with the public keys of all users with access to the file. On their machines, it is decrypted using their private keys.
In co-editing, each user’s inputs are individually encrypted and shared using the above-mentioned asymmetric encryption in transfer.

What you can and can’t do in a Private Room

To make sure your data is safe, some actions are restricted in Private Rooms.
Create and upload files
Copy files
Browse your protected files and files
shared with you
Move files shared with you
Create folders
Move files to bin or outside the Private Room
Move your files within a Private Room
Upload folders
Delete files permanently
Overwrite files by moving or uploading
Share files with users who have encryption
Restore file versions
Co-edit files
Share files with users without encryption
Create and upload files
Browse your protected files and files shared with you
Create folders
Move your files within a Private Room
Delete files permanently
Share files with users who have encryption credentials
Co-edit files
Copy files
Move files shared with you
Move files to bin or outside the Private Room
Upload folders
Overwrite files by moving or uploading
Restore file versions
Share files with users without encryption credentials

Getting started

Step 1. Deploy the latest version of ONLYOFFICE Workspace (Community and Enterprise editions) on your own server.
Step 2. Enable Private Rooms in the Portal Settings of Control Panel.
Step 3. Install the latest version of ONLYOFFICE Desktop Editors.
Step 4. Connect the desktop application to the ONLYOFFICE instance in the Connect to cloud section.
Step 5. Go to the Private Room section and start editing and co-editing your documents privately.

ONLYOFFICE Private Rooms


Protect your sensitive documents with ONLYOFFICE now

Try now
Full name is empty
Company name is empty
By clicking Download, you understand and agree to our SLA and Privacy statement.
Please wait...
Your request has been sent successfully
We are sorry, but an error occurred, try again later

Frequently Asked Questions

  • What are the scenarios for using Private Rooms?

    Private Rooms are the space where every piece of data is encrypted, including the states of storage, editing and collaboration. We recommend using Private Rooms for working with all sensitive documents, as the feature provides ultimate protection of data even against unauthorized actors who have access to the document management system or the server itself.

  • What is "Encrypted real-time co-editing”?

    Private Rooms mechanics include document collaboration in the encrypted form. Every change made to the document is encrypted separately using the same algorithm, sent over to the server, and decrypted on the collaborator’s machine.

  • Does each user have their own key or does each document have its own key? How are the encryption keys generated?

    Each user has a personal key pair used in asymmetric encryption of the file encryption key. Each file receives its own encryption key when it is being encrypted. The keys are generated by the application using a number of variables derived from the user password, installation ID, and other sources. Key generation is explained in the White Paper.

  • How are the file encryption keys in Private Rooms stored and protected?

    The encryption keys of each file are encrypted and decrypted on the machine using asymmetric encryption and stored in the encrypted form within the file system.

  • How are the encryption keys distributed between the users when a file is shared?

    When you share a file in the Private Rooms, the encryption key is encrypted using the recipient’s public key. The received file is then decrypted on their machine with their private key when the user opens it.

  • Is there a master key for all the encrypted files?

    We do not use master keys in document encryption. The asymmetric encryption with personal RSA key pairs used in ONLYOFFICE is a more reliable method that also enables encrypted collaboration.