End-to-end encryption is, perhaps, the most secure way for individuals and groups to communicate online privately. It encrypts messages at both ends of a conversation, the sending end and the receiving end(s), so that nobody in between can read them.
Until recently, end-to-end encryption (E2EE) was the domain of technical experts, because of the complicated steps required to make it work. In essence, when E2EE is used to send an email or another online message, only the intended recipient can see its content; anyone monitoring the network, including governments, hackers and even the company that provides your E2EE service, is shut out. This technique provides the highest level of protection and confidentiality available for your messages.
In order to better understand what end-to-end encryption is, we first need to understand what it is not:
SSL/TLS: Take https://mailfence.com as an example. The "HTTPS" at the start of the URL indicates that the SSL/TLS protocol encrypts the data transferred between the sender's computer and the mail provider's servers. HTTPS is more secure than plain "HTTP", and many websites use SSL/TLS to protect against intermediaries with malicious intent. The disadvantage of using SSL/TLS alone is that the data is only encrypted between the device and the provider's servers, so the provider (Gmail, in this example) alone holds the keys to decrypt it.
SMTP over TLS (STARTTLS): Consider a Yahoo Mail user (the sender) and a Gmail user (the receiver). When an email is sent between these two services with STARTTLS, the message is encrypted in transit between the two servers, provided the recipient server also supports this protocol. Although SMTP over TLS is secure and ensures confidentiality on the wire, it is not the last word in data security, because both the sending and the receiving server have access to the message content. Moreover, several receiving servers do not support STARTTLS at all.
The encryption used by most companies only protects data while it is in transit between the device from which the message is sent and the company's servers. For instance, when you send and receive email through a service that does not use end-to-end encryption, such as Hotmail or Gmail, the company can read the content of your messages because it holds the encryption keys. E2EE removes that possibility: the company never possesses the decryption keys.
How does E2EE work?
End-to-end encryption requires both the sender and the recipient to each have a pair of cryptographic keys: one public key and one private key. For instance, John wants to say hello to Jane in private. Jane has both keys; the public key can be shared with anyone, but Jane alone holds the private key.
- First, John uses Jane's public key to encrypt the message, turning a simple "Hello Jane" into ciphertext, a scrambled, seemingly random set of characters.
- He then sends the encrypted message over the internet, where it passes through multiple servers, including those of the email service they use and of their internet service providers. These companies may attempt to read the message or share it with external parties, but the ciphertext cannot be converted back into readable text without Jane's private key.
- When Jane receives the message, she decrypts it using her private key.
- Should Jane want to send a reply to John, she would also encrypt the message using John’s public key, following the aforementioned process.
Digital signatures and end-to-end encryption
While end-to-end encryption protects the privacy of your message, digital signatures add further security properties. A digital signature is the digital equivalent of a stamped seal or a handwritten signature, and it was designed to solve the problems of impersonation and tampering in digital communication. The security properties provided by a digital signature include:
Integrity: This helps to ensure that the message was not altered while it was in transit.
Non-repudiation: This ensures that the sender is unable to deny the origin of the sent message.
Sender verification: This feature helps to verify that the sender is who s/he claims to be.
When a digital signature is added to a message or document, a one-way hash of the content is computed and signed with the sender's private key. The message itself remains readable; the process produces a signature that can be verified only with the sender's matching public key. The recipient can then validate the sender, as well as the integrity of the message, using that public key.
Regardless of the message content, if a message arrives with a digital signature that does not verify under the sender's public key, it is known that the message (or the signature) was altered in transit.
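An added example, not code from this page or from Mailfence: the John-and-Jane exchange above and the signature check just described, written as a textbook RSA in Python with tiny, constructed primes (61 and 53 for John, 47 and 71 for Jane) so that every number stays readable. It assumes Python 3.8+ for `pow(e, -1, phi)` and is deliberately not production-grade: real E2EE uses large keys, padding and a hybrid scheme in which the public key only wraps a symmetric message key.

```python
from __future__ import annotations
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class KeyPair:
    n: int  # modulus, part of both halves of the key
    e: int  # public exponent: may be shared with anyone
    d: int  # private exponent: known only to the key owner

def generate_keypair(p: int, q: int, e: int = 17) -> KeyPair:
    """Textbook RSA key generation from two primes (toy sizes, for illustration)."""
    phi = (p - 1) * (q - 1)
    return KeyPair(n=p * q, e=e, d=pow(e, -1, phi))  # d = e^-1 mod phi, Python 3.8+

# Constructed keys: primes this small are NOT secure, they only keep the numbers readable
JOHN = generate_keypair(61, 53)   # n = 3233
JANE = generate_keypair(47, 71)   # n = 3337

def encrypt(plaintext: str, recipient: KeyPair) -> list[int]:
    """John's step: encrypt with Jane's PUBLIC key (n, e), one block per byte."""
    return [pow(b, recipient.e, recipient.n) for b in plaintext.encode()]

def decrypt(ciphertext: list[int], recipient: KeyPair) -> str:
    """Jane's step: only the PRIVATE exponent d reverses the encryption."""
    return bytes(pow(c, recipient.d, recipient.n) for c in ciphertext).decode()

def sign(message: str, sender: KeyPair) -> list[int]:
    """Sender signs each byte of the SHA-256 digest with their own private key."""
    digest = hashlib.sha256(message.encode()).digest()
    return [pow(b, sender.d, sender.n) for b in digest]

def verify(message: str, signature: list[int], sender: KeyPair) -> bool:
    """Anyone holding the sender's public key can check origin and integrity."""
    digest = hashlib.sha256(message.encode()).digest()
    return len(signature) == len(digest) and all(
        pow(s, sender.e, sender.n) == b for s, b in zip(signature, digest))

def exchange(plaintext: str, tamper: bool = False) -> tuple[str, bool]:
    """John -> Jane round trip; with tamper=True one ciphertext block is swapped in transit."""
    ciphertext = encrypt(plaintext, JANE)      # readable only with Jane's private key
    signature = sign(plaintext, JOHN)          # proves John wrote exactly this text
    if tamper:
        ciphertext[0] = encrypt("X", JANE)[0]  # an intermediary replaces the first block
    received = decrypt(ciphertext, JANE)
    return received, verify(received, signature, JOHN)

if __name__ == "__main__":
    print(exchange("Hello Jane"))               # ('Hello Jane', True)
    print(exchange("Hello Jane", tamper=True))  # ('Xello Jane', False)
```

The tampered run shows the two properties working together: Jane still decrypts a message, but John's signature no longer verifies, so the alteration is detected rather than silently accepted.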
Advantages of E2EE
- It protects your data from being hacked.
- It provides security and authenticity.
- It ensures the privacy of your data.
- It protects free speech, and shields activists, journalists and dissidents from intimidation