E2EE in lib-jitsi-meet

Hello, I want to ask is there a way at the moment to use our own key for e2ee ?
We have an application which uses lib-jitsi-meet, but the application itself have rooms, chat etc., and some of these rooms are encrypted with a key.
We can make a jitsi call (with lib-jitsi-meet) within any of these rooms and our task is if the room is encrypted, to get its key and when we make a jitsi call to use that key for the jitsi E2EE.

At the moment I see jitsi automatically make keys and provide them between the participants.

@saghul ?

Do we have any news on this?
I see two interesting commits:
https://github.com/jitsi/lib-jitsi-meet/commit/afc006e99a42439c305c20faab50a1f786254676
https://github.com/jitsi/jitsi-meet/commit/2e69ec71c563e479ef25aa56635eecaa6f7e7356

Any idea / doc on how externally managed key mode will be implemented?
Example: the key will be injected like a jwt token with a query string parameter

1 Like

I asked the same question here

Hey folks, sorry I missed this thread.

We are waiting on some validation checks, but externally managed E2EE mode has landed indeed.

This mode is for those who are integrating Jitsi Meet into other applications which already have some kind of E2EE channel where they can derive a shared secret from. This API allows for setting the (shared) key material externally. Jitsi Meet will use it without further deriving it.

3 Likes

Thanks @saghul

Can you explain in a little more detail how jitsi expects to get the secret from an external service?

I think we need to fork jitsi-meet.
Add a custom layer to share the secret / key, and finally dispatch a SET_MEDIA_ENCRYPTION_KEY action.
Maybe enabling the externallyManagedKey flag in the settings, just disables all the key rotation stuff…

With this API from the iframe: jitsi-meet/external_api.js at 7bbc3bcf9e2d9dfd9b5ff5cc89c1d32f4701b548 · jitsi/jitsi-meet · GitHub

You pass an object with 2 properties, the CryptoKey itself and an index (to support key rotation). Then you can turn e2ee on and that key will be used: jitsi-meet/external_api.js at 7bbc3bcf9e2d9dfd9b5ff5cc89c1d32f4701b548 · jitsi/jitsi-meet · GitHub

You don’t need to do that, there is an API for it in the iframe.

1 Like