Questions tagged [end-to-end-encryption]
End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one else, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse.
112 questions
0votes
1answer
51views
Is this an effective scheme to store EEE key on browser client?
Application For the application, I have a user password encrypted private-key, which is basically the root-key stored in servers. User is prompted for password when he logs in, it decrypts the private ...
- 51
5votes
0answers
186views
Why ProtonDrive uses so many layers of encryption that looks redundant
I read their security model which explains how they laid out all these layers. https://proton.me/blog/protondrive-security Files and folders are structured in a tree and called nodes. Each node (file/...
- 51
16votes
2answers
5kviews
How did Israel intercept WhatsApp calls during Oct 7 2023?
Israel defence forces uploaded this conversation that happened between a Hamas terrorist and his family on Oct 7, 2023. He was on a WhatsApp call. How did Israel intercept these WhatsApp calls which ...
- 289
2votes
2answers
573views
End-to-End Encrypted Proxy Using Password Protected Certificate
I have a thought experiment for the community, curious what everyone's take on it is, specifically what are the major flaws in the idea and how could those be addressed without significantly diverging ...
- 234
1vote
1answer
59views
What does TG E2EE encrypted chat provide? Given its open source clients
Telegram server is not open source. Telegram clients are open source. Users can choose to use E2EE encrypted chat within themselves. User A know User B in real life and they know each other's telegram ...
- 173
1vote
1answer
119views
Is it possible to perform input validation in a system with "true" end-to-end encryption?
Imagine there is a secret key, which is used for symmetric encryption. I.e.: anyone with this key can encrypt / decrypt a message. A service allows users to store a message under a certain filepath, ...
- 13
3votes
1answer
659views
Browser- side caching of encrypted sensitive informations in sessionStorage?
We are currently implementing envelope encryption to securely encrypt sensitive data(name, emails, phone numbers, photo, previous employers etc.) about our users. However, we are now thinking about to ...
- 377
1vote
1answer
197views
How exactly does OpenGPG protect private keys?
Today it was time again to generate some new PGP key pairs that will be used for end-to-end-encrypted email. Now I'd like to know how exactly OpenPGP protects the private keys. What I have understood ...
- 599
1vote
2answers
293views
Can the WhatsApp servers really not read our messages?
As Whatsapp uses Diffie-Hellman algorithm for a key exchange and SSL certification ensures the authenticity of its server for the end user like me. As per my understanding, messages first has to go to ...
- 11
1vote
5answers
323views
Is it safe to derive the salt from the users email/phone number when pre-hashing a password to be sent to a server?
I'm working on making an end-to-end encrypted app that will store sensitive mental health information. The goal is to make it completely impossible for someone with access to the server to see the ...
1vote
0answers
210views
Encryption of calls and files in XMPP
I use Conversations, and my interlocutor is Monal (or another application for iOS (you can tell which is better)). I plan to use OMEMO for encryption. Are files and photos encrypted or not? Are calls ...
- 11
0votes
0answers
294views
Where to store user private keys in a webapp? [duplicate]
I'm building a webapp where I want to encrypt user data. I've done A LOT of research about this. The main issue is that I want only users to be able to access their data. After reading countless ...
- 111
3votes
1answer
568views
Benefits of the Double Ratchet protocol over the constant Ephemeral DH key exchange
I've been reading lately about the Double Ratchet protocol, how it works conceptually. I understand generally the idea behind the protocol, that it provides Forward Secrecy and Post-Compromise ...
- 133
0votes
0answers
226views
How to implement secure E2EE for a managing App
TL;DR Is it possible to create an end-to-end encrypted web application where newly created users are able to access data encrypted before their creation? My plan is to develop a (let's call it a ...
0votes
0answers
246views
Encrypted messaging app using QR codes for key exchange
I remember seeing an encrypted messaging app a while ago that offered using QR codes to exchange encryption keys between the users. Of course, this only worked when the people met physically, but ...
- 11
