End To End Encryption

What’s all the hype about, how does it work, and why should you care?

What is Encryption?

Encryption is the act of scrambling data in such a way that it becomes unreadable to any person or machine that does not have the key. I won’t be going in depth about the ins and outs of encryption, but we first need to understand what it is and how it works before we can get into what end to end means.

Computers encrypt files using math and cryptography (the art of writing and solving codes), converting plaintext into ciphertext, which is sometimes referred to as encoded text. Decrypting the ciphertext requires the cryptographic key; without it, the ciphertext looks like a bunch of jumbled-up characters.

Why is Encryption important? How is it used in day to day life?

Privacy and security are the first things that come to mind when talking about encryption. If you knew a service could read every message you send to your best friend or significant other, you probably wouldn’t use it, especially if you knew they were selling that data or using it to target you with ads.

It is also important when talking about data breaches. In the early days of the internet, passwords were saved in plaintext, meaning it only took 1 data breach or 1 malicious system admin for hundreds to thousands of passwords to be leaked as plaintext (these days services can have hundreds of thousands to millions of users). Passwords are now salted and hashed before being stored in a database, so that even if the database is leaked, the attacker does not get the passwords themselves.

One more important part of encryption is the secure transmission of transactions (your credit card # to a payment gateway) and securing your medical records. You wouldn’t want any of this information getting out, would you?

Is this not enough? Why do I need End to End?

When talking about storing sensitive data, passwords, and making payments, normal encryption is fine. When we go beyond that, things get a little muddy.

A lot of encryption is done with what is known as encryption-in-transit. This means that data is encrypted on your device and decrypted by a server, only to then be re-encrypted and sent to the recipient. This practice can be fine if you trust the company running the server that is in the middle. The biggest concern would be that server storing and logging what it decrypted and re-encrypted.

So then how can we transmit data through a server without it having to decrypt and re-encrypt the data? This is what is called End to End. When encrypting End to End, nobody can read or decrypt the message other than the recipient, meaning that even if the server stored the data or it was intercepted, it would be of little to no use.

It isn’t perfect though, as the server can still log that it received data from you and sent it to the recipient.

How does it work?

Earlier I mentioned cryptography keys. When talking about encryption through the internet there are usually 2 keys that are used. These are called the Public Key and the Private Key. The Public Key is a key anyone can use to encrypt/encode data. The Private Key is the key that is needed to decrypt data that was encrypted with the matching Public Key.

The key pair is mathematically related so that whatever is encrypted with a public or private key can only be decrypted by its corresponding counterpart.
Sectigo — Public Key Cryptography Explained: What Is It?

To put it simply, if you wanted to send a message to your dear Aunt Sally, her device would give yours its public key. Your device will then take that key and encrypt the message into the appropriate ciphertext. Now your message can go about its journey across the internet and bounce around servers till it reaches your Aunt Sally. Then her device will decrypt it so that she can read the original message. This message can be stored to be accessed at a later date and even intercepted by your ISP or other servers it bounced through, and nobody can read it without her private key.

The same would happen for her replying only in reverse.

Anyone can encrypt/encode using the public key, which is why it’s safe to transmit to the sender. The private key is what needs to be kept safe, as that is the only thing that can decrypt the ciphertext. That is why only the recipient has access to it and never transmits it to the sender.
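The Aunt Sally exchange above as a runnable Node.js sketch, added here as an example and not part of the original article. The article names no algorithm, so the choice of RSA-OAEP wrapping a one-time AES-256-GCM key is an assumption, and the helper names (newDevice, encryptFor, decryptWith, relay) and the sample message are made up for illustration.

```javascript
// Added example; algorithm choice, names and message are assumptions, not the article's.
const { generateKeyPairSync, publicEncrypt, privateDecrypt, randomBytes,
        createCipheriv, createDecipheriv, constants } = require('node:crypto');

const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Each device creates its own key pair; the private key never leaves the device.
function newDevice() {
  return generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Sender: encrypt the message with a fresh AES-256-GCM key, then wrap that key
// with the recipient's public key (RSA alone only fits very short messages).
function encryptFor(recipientPublicKey, plaintext) {
  const key = randomBytes(32), iv = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return { wrappedKey: publicEncrypt({ key: recipientPublicKey, ...OAEP }, key),
           iv, body, tag: cipher.getAuthTag() };
}

// Recipient: unwrap the AES key with the private key, then decrypt and verify.
function decryptWith(privateKey, env) {
  const key = privateDecrypt({ key: privateKey, ...OAEP }, env.wrappedKey);
  const decipher = createDecipheriv('aes-256-gcm', key, env.iv);
  decipher.setAuthTag(env.tag);
  return Buffer.concat([decipher.update(env.body), decipher.final()]).toString('utf8');
}

// Relay server: forwards the envelope and logs everything it is able to see.
const serverLog = [];
function relay(from, to, env) {
  serverLog.push({ from, to, bytes: env.body.length, seen: env.body.toString('hex') });
  return env;
}

function demo() {
  const sally = newDevice();            // Aunt Sally's device
  const server = newDevice();           // the server has keys of its own, not Sally's
  const msg = 'See you Sunday at 3!';   // constructed sample message
  const env = relay('you', 'sally', encryptFor(sally.publicKey, msg));
  let serverCouldRead = true;
  try { decryptWith(server.privateKey, env); } catch { serverCouldRead = false; }
  return { delivered: decryptWith(sally.privateKey, env), serverCouldRead, log: serverLog[0] };
}
```

The server's log still records who sent to whom and how many bytes, which is the metadata caveat mentioned earlier. The sketch also does not check that the public key really came from Aunt Sally's device, which real messengers handle with a separate key verification step.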

In conclusion, E2EE is important for secure communication through the internet, and it is gaining traction as people are becoming more privacy focused and aware of their online presence and activity. Without it, your messages could be read by the company providing you their service or used to target you with ads.

Software Engineering student at Operation Spark and WebDev hobbyist.