Questions tagged [end-to-end-encryption]
End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one else, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse.
106 questions
3 votes, 1 answer, 569 views
Browser-side caching of encrypted sensitive information in sessionStorage?
We are currently implementing envelope encryption to securely encrypt sensitive data (name, emails, phone numbers, photo, previous employers etc.) about our users. However, we are now thinking about to ...
1 vote, 1 answer, 84 views
How exactly does OpenPGP protect private keys?
Today it was time again to generate some new PGP key pairs that will be used for end-to-end-encrypted email. Now I'd like to know how exactly OpenPGP protects the private keys.
What I have understood ...
1 vote, 2 answers, 211 views
Can the WhatsApp servers really not read our messages?
WhatsApp uses the Diffie-Hellman algorithm for key exchange, and SSL certification ensures the authenticity of its server for an end user like me.
As per my understanding, messages first have to go to ...
1 vote, 5 answers, 301 views
Is it safe to derive the salt from the user's email/phone number when pre-hashing a password to be sent to a server?
I'm working on making an end-to-end encrypted app that will store sensitive mental health information. The goal is to make it completely impossible for someone with access to the server to see the ...
1 vote, 0 answers, 176 views
Encryption of calls and files in XMPP
I use Conversations, and my interlocutor is Monal (or another application for iOS (you can tell which is better)).
I plan to use OMEMO for encryption. Are files and photos encrypted or not?
Are calls ...
0 votes, 0 answers, 238 views
Where to store user private keys in a webapp? [duplicate]
I'm building a webapp where I want to encrypt user data. I've done A LOT of research about this.
The main issue is that I want only users to be able to access their data. After reading countless ...
3 votes, 1 answer, 464 views
Benefits of the Double Ratchet protocol over the constant Ephemeral DH key exchange
I've been reading lately about the Double Ratchet protocol, how it works conceptually. I understand generally the idea behind the protocol, that it provides Forward Secrecy and Post-Compromise ...
0 votes, 0 answers, 195 views
How to implement secure E2EE for a managing App
TL;DR Is it possible to create an end-to-end encrypted web application where newly created users are able to access data encrypted before their creation?
My plan is to develop a (let's call it a ...
0 votes, 0 answers, 193 views
Encrypted messaging app using QR codes for key exchange
I remember seeing an encrypted messaging app a while ago that offered using QR codes to exchange encryption keys between the users. Of course, this only worked when the people met physically, but ...
0 votes, 0 answers, 136 views
Backup to a remote Encrypted APFS drive mounted through Samba. Is this a sound plan?
Say I have a remote machine (something like a VPS) that I have no physical access or physical authority over other than a user on it (with root access). However, I'd like to do Time Machine backups on ...
1 vote, 0 answers, 21 views
How do end-to-end encryption (E2EE) IM apps implement push notifications? [duplicate]
Say WhatsApp and Signal on Android devices, how do they keep the E2EE from being broken?
Some answers claimed that WhatsApp uses VoIP background mode on iOS to make the push notification invoke the app to ...
2 votes, 1 answer, 235 views
How to avoid breaking end-to-end encryption while employing cloud-based DDoS protection?
I have a few websites and apps that I need to protect from DDoS attacks. These websites and apps are delivered by various servers that sit in several small data centers around the world.
I'm thinking ...
-1 votes, 1 answer, 406 views
Are the video calls made in a 3G/4G network encrypted end-to-end?
When I make a video call through a cellular GSM/4G network, is there any end-to-end encryption? If yes, what kind of algorithms and CPUs are used?
-1 votes, 2 answers, 634 views
Is end-to-end encryption really secure?
If a software uses end-to-end encryption and the encryption key of a client never leaves the device, isn't it still relatively "simple" to get the encryption keys of clients?
A hacker just ...
1 vote, 2 answers, 9k views
Signal — Can message previews of the messages you send be disabled in the chats’ list of your addressee?
Premise
Signal is armed with measures to instil a sense of privacy in users by preventing undisclosed screenshotting and screencasting message threads, and by enabling the sender to set their text, ...
0 votes, 1 answer, 223 views
Confidential Computing - SQL Server Always Encrypted w/ Secure Enclave - Customer Managed Keys or alternative
I am looking into ways to build a data warehouse that would house confidential data for 1+ clients. The requirement is that our organization can never obtain access to the decrypted data. There would ...
1 vote, 2 answers, 348 views
Is TLS encryption between sender and receiver without middlemen end-to-end encryption and TLS security
As in the title, I want to know whether TLS encryption is end-to-end encryption when there is no middleman between sender and receiver. E.g.:
We are sure that TLS in case 2 doesn't provide end to end ...
0 votes, 1 answer, 174 views
Are all encrypted tunnels also considered virtual private networks (VPN)?
A few days ago, a colleague and I were having a discussion specifically on site-to-site VPNs. My understanding, and how I was taught, is that all encrypted tunnels are virtual private networks ...
5 votes, 1 answer, 1k views
Free messaging (but not images, video, etc) on United Airlines free wifi: is it secure?
I recently flew with United Airlines and I used their free messaging wi-fi plan.
I could text my friends on WhatsApp, but I could not send (nor receive) multimedia content like images, videos or audio ...
2 votes, 4 answers, 1k views
End-to-end encryption with multiple recipients?
As far as I understand, end-to-end encryption is used to encrypt the content on the client (sender), send it to the server and decrypt it on the client (recipient). The clients store their private ...
0 votes, 2 answers, 1k views
Is an IRC conversation using TLS between two people, one of whom owns the server, end to end encrypted?
If I run an IRC server, and my friend and I connect over TLS and chat, is the conversation essentially end-to-end encrypted because all computers that see the plaintext messages are owned by one of ...
1 vote, 1 answer, 124 views
How to deal with targeted attacks from publisher when verifying the integrity of native applications and validating their source code?
I am trying to reason about how native apps can avoid the problems web apps have in dealing with the "Browser Cryptography Chicken and Egg" problem, which has been discussed numerous times ...
1 vote, 1 answer, 641 views
End To End Encryption Model
I have an architecture which requires a certain subset of data to be more heavily secured and encrypted. The main parameters which I believe meet the scope of the project are as follows:
Data should ...
4 votes, 1 answer, 607 views
Is the new WhatsApp Web update compatible with E2E encryption?
You may see this question as a logical successor of this post.
With the new WhatsApp Web update it is now usable without keeping the smartphone online. I can't imagine how this is compatible with End-...
-1 votes, 1 answer, 145 views
How to fully secure web/mobile/desktop applications connected to the same backend server [closed]
I have a React/Express application, I want to fully secure it. I'm looking for best practices for these features:
data encryption/decryption
end-to-end communication
access control
role management
...
1 vote, 1 answer, 248 views
Is authentication through mail clients safe when encryption is off?
When adding an account on a mail client, the SSL/TLS is usually turned off and the encryption method is 'none' (see Outlook example below).
Is the password safely sent through the internet when ...
26 votes, 7 answers, 8k views
Is encryption in transit distinct from end-to-end encryption?
I asked a question about HTTPS encryption as it relates to developing a web app here. On the face of it that question has now been closed twice for not being focused enough, but if the meta discussion ...
2 votes, 2 answers, 560 views
How can I verify the hash of the plain text without being able to decrypt the cipher text?
I am building an E2EE chat app where there is one asymmetric key pair per group. Each user also has one asymmetric key pair. All messages in a group chat are encrypted with the group public key and ...
1 vote, 1 answer, 3k views
Key management for End-to-end encryption for Chat application
I want to implement end-to-end encryption on my chat application (available on Android, iOS and web). For that I have the following mechanism in mind.
Generate Key pairs (Private key and Public key) on ...
0 votes, 2 answers, 859 views
Is end to end encryption over HTTP safe?
If you wrap all your data in an end-to-end encrypted payload, is it safe to transmit over HTTP or, at worst, self-signed HTTPS instead of traditional CA-signed SSL?
1 vote, 2 answers, 273 views
Can TLS enable end-to-end security between 2 users (not server) in IPv6?
I'm studying IoT security knowledge.
I find that people say that TLS/DTLS can provide e2e security, but in the HTTP diagram it will stop at the server.
A->Server->B and data at Server will be decrypted.
In ...
0 votes, 1 answer, 197 views
How to prevent the server from knowing what data is being transferred through it between two clients
Imagine a web application in which two computers can communicate with each other by transferring files, through the server linked with some unique password.
Every file sent between the clients is ...
0 votes, 1 answer, 258 views
JWT to prevent others from using video in their iframes
I just recently discovered JWT to secure my live stream and have done successful token on server and player but I think it still can be stolen.
How can I use it to only have the domains I choose to be ...
0 votes, 1 answer, 223 views
E2E-Encrypted storage: What to do when the lifetime of a key is over?
When using AES-GCM-256 with random nonces, a limit of 2^32 encryptions is specified in order to have a low nonce collision probability. A new key has to be generated to take its place afterwards, I am ...
0 votes, 0 answers, 19 views
Is there hardware (like u2f-keys) for passwordless client-side encryption & decryption [duplicate]
I know that u2f keys are designed as authentication factors, but I think it would not be far-fetched to also add a protocol that the user can use to encrypt or decrypt data on the client-side. This ...
0 votes, 1 answer, 245 views
Does End-To-End-Encryption in Web Applications require trust?
In a talk from Moxie Marlinspike he mentioned that Signal does not intend to release a web application because they are impossible to audit. The JavaScript code is retrieved on each page load, so it ...
0 votes, 3 answers, 901 views
Multiple devices encrypting data using the same key?
I want to implement a service that can't read the data you store there.
The idea is that I, like in a password manager, use the password to derive a vault key, which is different from the ...
0 votes, 2 answers, 683 views
Need some clarification regarding the end-to-end encryption process
Let's say I want to make a messaging (just an example, take it as any data) web (React + Node) application (more like an email rather than chat) with end-to-end encryption. So at some point, I will want ...
1 vote, 3 answers, 627 views
Is it safe to send an encrypted blob as a URL parameter?
The context is a password reset functionality. The user has requested a password reset, either via the web, or via a call to the help desk.
The proposed solution is, behind the scenes:
If Self-...
2 votes, 1 answer, 141 views
Can we mask encrypted traffic to look like real traffic [duplicate]
Assumptions:
Some places ban or at least think about banning encryption.
Encrypted traffic can be easily spotted because it looks like nonsense (or something else?).
Question:
Suppose I put my ...
0 votes, 3 answers, 1k views
What can my Telco / ISP learn from my Signal (secure messaging app) communications?
To preface this question, I use the Signal messaging app for voice, video and text. I understand that the content of all these messages is encrypted and no one but the sender and recipient can see/hear ...
13 votes, 4 answers, 11k views
How To Recover End-To-End Encrypted Data After Losing Private Key?
I'm creating a mobile app which has a chat feature in it. Since I wanted to make it secure, I'll do some encryption to messages and the data. I'm thinking of using End-To-End encryption for it but I've ...
0 votes, 2 answers, 5k views
How to know whether a MySQL connection is using an SSL or TLS connection?
I want to verify whether the MySQL remote connection is using a TLS/SSL connection for security purposes.
I ran status command to check initially:
mysql> status
--------------
mysql Ver 8.0.19 for osx10....
2 votes, 1 answer, 210 views
How to prevent mobile data from being viewed when leaving VPN server?
Please correct me if I'm wrong. As far as I know, when we use a VPN service, our data is only encrypted from us to the VPN server. After leaving the server to the intended recipient, our data is decrypted and ...
5 votes, 1 answer, 5k views
What is the correct way to create a backup copy of a PGP key pair?
I am using GnuPG 2.2.20 to create my key pair.
I have successfully created a key pair, now I want to create a backup copy in case of HDD failure.
Following the instruction here, I have tried
gpg --...
0 votes, 0 answers, 211 views
Is my own PKI-based end-to-end encryption secure?
I implemented a simple chat that (tries to) encrypt messages end-to-end. I approached this problem by making both parties generate an ECDH keypair (P-384) and consequently share their public keys. ...
0 votes, 1 answer, 298 views
How to encrypt data so only clients can read, but not the server
I am building a system where the clients should be able to communicate with each other.
However I want all the data to be hidden from the server where the information is stored in a database.
How can ...
2 votes, 1 answer, 190 views
What's the best encryption strategy to go with when everybody needs to be able to write data but only a select people can view it?
I really just need an encrypted support ticket system essentially. The user who writes the ticket doesn't need to be able to view it afterward but a handful of staff need to be able to decrypt the ...
3 votes, 2 answers, 2k views
If WhatsApp media messages are e2e encrypted, what is the point of storing popular messages on the server?
There is something I don't understand about WhatsApp's privacy policy.
Your Messages. We do not retain your messages in the ordinary course of providing our Services to you. Once your messages (...
1 vote, 1 answer, 1k views
Is it worth using an http proxy?
Sorry for my lack of terminology in the field, that's something I have little (or no) practical knowledge about.
I've browsed similar questions on the security risks of using (web) proxies, but ...