RocketChat / Rocket.Chat

The communications platform that puts data protection first.
https://rocket.chat/

Encrypted channels do not encrypt messages in database #33686

Open kinvaris opened 1 month ago

kinvaris commented 1 month ago

Description:

When enabling E2E encryption, I expect the messages sent in an encrypted channel to be encrypted from start to finish. Fetching them from the database, encrypted, shipping them to the client and decrypting them on arrival or somewhere on the way. Not stored in plain text in the database.

Steps to reproduce:

Create an encrypted channel and put some messages inside the channel

Expected behavior:

Messages to be encrypted in the database

See docs: https://docs.rocket.chat/docs/e2e-encryption

Actual behavior:

Messages are stored in plain text for some reason?

  {
    _id: 'fAZw2ATh5Fkx4cjKA',
    rid: '67160cdd55aaa39875b4596a',
    msg: 'this is a encrypted message',
    ts: ISODate('2024-10-21T08:12:45.388Z'),
    u: {
      _id: 'X7ZSLm7umWPBNaDxT',
      username: '<username>',
      name: '<full name of user>'
    },
    _updatedAt: ISODate('2024-10-21T08:12:45.447Z'),
    urls: [],
    mentions: [],
    channels: [],
    md: [
      {
        type: 'PARAGRAPH',
        value: [
          { type: 'PLAIN_TEXT', value: 'this is a encrypted message' }
        ]
      }
    ]
  }

Server Setup Information:

Client Setup Information

Relevant logs:

None of major significance

reetp commented 1 month ago

First note the warnings:

IMPORTANT: E2E encryption functionality is currently in beta and includes notable restrictions that workspace owners should carefully consider before activating this feature for production use

Next, I am not sure what you have done but I don't believe that room is encrypted.

See the image here under 'FAQ'

https://docs.rocket.chat/v1/docs/end-to-end-encryption-user-guide

There should be a key to indicate the room is encrypted and I think there should be a key next to encrypted messages as well.

You might want to check the settings for E2E:

/admin/settings/E2E Encryption

eg

Unencrypted messages in encrypted rooms
Allow plain text messages to be sent in encrypted rooms. These messages will not be encrypted.

Also note that first, you are on an outdated version of 6.12.x and should upgrade rather urgently, and second when testing you should be doing so on the latest code as per the bug template and links:

https://developer.rocket.chat/docs/contribute-through-bug-reporting

github-actions[bot] commented 3 weeks ago

This issue has been marked as stale because there has been no further activity in the last 10 days. If the issue remains stale for the next 4 days (a total of 14 days with no activity), then it will be assumed that the question has been resolved and the issue will be automatically closed.

milton-rucks commented 2 weeks ago

This room is not encrypted. When the room is encrypted, a green key appears in the room header, and the encrypted messages appear with a grey key icon on the next
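
The replies give two explanations for a readable `msg` in the database: the room was never encrypted, or plain-text messages are allowed in encrypted rooms. As an added example (not part of the thread or Rocket.Chat's own code), this JavaScript check tells the two apart from exported documents; the room flag `encrypted` and the message type `t: 'e2e'` are assumed schema fields that do not appear on this page, and the rooms and the second message are constructed.

```javascript
// Added example. `room.encrypted` and `t: 'e2e'` are assumed schema fields;
// neither appears in the issue. Rooms and the e2e message are constructed.
function auditRoom(room, messages) {
  const report = {
    roomMarkedEncrypted: room.encrypted === true,
    encrypted: 0,
    system: 0,
    plaintextIds: [],
  };
  for (const m of messages) {
    if (m.rid !== room._id) continue;          // message belongs to another room
    if (m.t === 'e2e') report.encrypted += 1;  // body stored as ciphertext
    else if (m.t) report.system += 1;          // typed (non-chat) event messages
    else report.plaintextIds.push(m._id);      // readable `msg` stored server-side
  }
  if (!report.roomMarkedEncrypted) {
    report.verdict = 'room-not-encrypted';     // the diagnosis given in the replies
  } else if (report.plaintextIds.length > 0) {
    // Matches the "Unencrypted messages in encrypted rooms" setting being allowed.
    report.verdict = 'plaintext-in-encrypted-room';
  } else {
    report.verdict = 'ok';
  }
  return report;
}

// The document from the issue (trimmed to the fields the check reads).
const reported = {
  _id: 'fAZw2ATh5Fkx4cjKA',
  rid: '67160cdd55aaa39875b4596a',
  msg: 'this is a encrypted message',
};
// Constructed: how an encrypted message is assumed to look in storage.
const e2eMessage = {
  _id: 'CONSTRUCTED_ID_1',
  rid: reported.rid,
  t: 'e2e',
  msg: '<ciphertext placeholder>',
};
const plainRoom = { _id: reported.rid };                   // constructed, no flag
const encryptedRoom = { _id: reported.rid, encrypted: true }; // constructed

console.log(auditRoom(plainRoom, [reported]));
console.log(auditRoom(encryptedRoom, [reported, e2eMessage]));
console.log(auditRoom(encryptedRoom, [e2eMessage]));
```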

github-actions[bot] commented 4 days ago

This issue has been marked as stale because there has been no further activity in the last 10 days. If the issue remains stale for the next 4 days (a total of 14 days with no activity), then it will be assumed that the question has been resolved and the issue will be automatically closed.