How to protect your real-time document co-editing with end-to-end encryption on ONLYOFFICE Workspace

1. Overview

The full-featured self-hosted solution (former ONLYOFFICE), presented in this article, gets a new name: it’s called now ONLYOFFICE Workspace. This open-source suite comprises:

  • ONLYOFFICE Docs - online editors for documents, spreadsheets, and presentations;
  • ONLYOFFICE Groups - productivity apps for managing documents, projects, client relationships, and emails along with the admin panel for platform configuration;
  • ONLYOFFICE Mail Server - a solution to create corporate mailboxes and manage them;
  • ONLYOFFICE XMPP Server - an app to exchange instant messages.

Along with productivity aspects, ONLYOFFICE Workspace focuses on data security. In addition to traditional tools, like HTTPS and JWT for data protection or 2FA and SSO for user authentication, ONLYOFFICE Workspace comes with Private Rooms for end-to-end encrypted real-time document co-editing.

Private Rooms are protected workplaces for encrypted collaboration where every symbol you type is encrypted using the unbreakable AES-256 algorithm . In Private Rooms, all data is encrypted locally on the machine and transferred to the server in an encrypted form.

What you’ll learn

This guide will describe how to install and make operational all necessary elements to enable end-to-end encrypted online document co-editing.

What you’ll need

ONLYOFFICE Workspace:

  • CPU dual core 2 GHz or better
  • RAM 6 GB or more
  • HDD at least 40 GB of free space
  • Additional requirements at least 6 GB of swap
  • OS: amd64 Linux distribution with kernel version 3.10 or later

ONLYOFFICE Desktop Editors (version 6.0 or later):

  • CPU dual core 2 GHz or better
  • RAM 2 GB or more
  • HDD at least 40 GB of free space
  • Additional requirements: at least 4 GB of swap
  • Software: OS 64-bit Ubuntu

2. Installing ONLYOFFICE Workspace

First of all, you need to deploy the latest version of ONLYOFFICE Workspace. You can install it on Ubuntu using the provided script. To do that, refer to the instructions given in this tutorial.

After installation is over, launch the browser and enter the local network computer IP address into the URL bar. Don’t use either localhost or 127.0.0.1 network address for the same computer where you have ONLYOFFICE Workspace installed, use its IP address in the local network instead. The installed solution must be up and running indicating the successful installation.


3. Activating the Private Rooms option

Once you are ready with the ONLYOFFICE Workspace installation, check if Private Rooms are enabled (as a rule, this feature is enabled by default).

Launch your ONLYOFFICE Workspace and enter the Documents module - there you will see a Private Room folder. If not, activate it in the Control Panel:


4. Installing ONLYOFFICE Desktop Editors

Private Rooms work via the ONLYOFFICE desktop app’s interface to encrypt and decrypt the data on the client and make the security endpoint. So, the next step is to install the latest version of the free open-source ONLYOFFICE Desktop Editors.

To install desktop editors, refer to this guide.


5. Connecting the desktop editors to ONLYOFFICE Workspace

Once all elements are installed and operational, connect the desktop application to your ONLYOFFICE Workspace in the Connect to cloud section:

  • Switch to the Connect to cloud section at the left side panel.
  • Click the ONLYOFFICE button. Alternatively, you can use the Connect now link at the bottom.

  • Specify your ONLYOFFICE Workspace URL address. It’s also possible to specify the IP address of the machine where ONLYOFFICE Workspace is installed. When ready, click the Connect now button.

  • The ONLYOFFICE Workspace sign in page will open in a new tab of the Desktop Editors interface: enter your email and the password you use to access your account.

  • Click the Sign In button.

Your portal Documents module will open.


6. Using Private rooms to store, manage, edit and collaborate securely on your docs

All the documents you work with in Private Rooms are encrypted once created or uploaded. All inputs made by co-authors including objects, images, etc. are encrypted on one end, transferred to the server in an encrypted form and then decrypted on the other.

The encryption data is automatically generated and transferred and is encrypted itself. And you don’t have to keep or remember a single password.

As you can see, Private Rooms don’t require any technical skills, extra components or additional registration: just go to the Private Room section and start editing and co-authoring your documents in a secure environment.

There is no difference for you as a user between casually editing and collaborating on your documents and working in the encrypted mode. You are able to:

  • Create and upload files (.docx, .xlsx, .pptx)
  • Browse your protected files and files shared with you
  • Create folders
  • Move your files within a Private Room
  • Delete files permanently
  • Share files with users who have encryption credentials
  • Co-edit documents

To make sure your data is safe, some actions are restricted. You are not able to:

  • Copy files
  • Move shared files
  • Move files outside the Private Room
  • Share files with users without encryption credentials
  • Upload folders
  • Overwrite files by moving or uploading
  • Restore file versions

When you work on the encrypted file, it is marked with the protection icon in the editor header:

Stay safe online and keep your documents always encrypted!