Security Encyclopedia

End-To-End-Encryption

End-to-end encryption (E2EE) is a system for encrypting data so that no one who could potentially monitor a private exchange is able to read it, except for the intended parties. E2EE is implemented to prevent eavesdropping.

A system is said to be E2EE only when the cryptographic keys required to decrypt the conversation are held by the legitimate parties to the dialogue. Parties to an E2EE system encrypt data using a closely held mutual secret. One example of such a closely held shared secret is a pre-arranged Pretty Good Privacy (PGP) string of characters and special characters. Another is a one-time secret derived from a PGP or other shared secret, called a Derived Unique Key Per Transaction (DUKPT).

Strong encryption through public key cryptography (PKC) is the underlying basis for messaging privacy because only the parties to the conversation hold private keys. For example, service providers that support true E2EE are unable to read plaintext communiqués between users on their platform.
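
The property described above, shown as an added example that is not part of the original entry: two endpoints derive a mutual secret from their own private key and the peer's public key, and a provider that relays the message cannot open it. The choice of X25519 and AES-256-GCM, the plain SHA-256 key derivation (standing in for a proper KDF such as HKDF), and all function and party names are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// aeadFor runs X25519 and hashes the shared secret into an AES-256-GCM key.
func aeadFor(priv *ecdh.PrivateKey, peer *ecdh.PublicKey) cipher.AEAD {
	shared, err := priv.ECDH(peer)
	if err != nil {
		panic(err)
	}
	key := sha256.Sum256(append([]byte("e2ee-demo"), shared...))
	block, _ := aes.NewCipher(key[:]) // 32-byte key, cannot fail
	gcm, _ := cipher.NewGCM(block)
	return gcm
}
// seal returns nonce||ciphertext: the only thing the provider ever handles.
func seal(g cipher.AEAD, msg []byte) []byte {
	nonce := make([]byte, g.NonceSize())
	rand.Read(nonce)
	return g.Seal(nonce, nonce, msg, nil)
}
// open authenticates and decrypts a blob produced by seal.
func open(g cipher.AEAD, blob []byte) ([]byte, error) {
	if len(blob) < g.NonceSize() {
		return nil, errors.New("short message")
	}
	return g.Open(nil, blob[:g.NonceSize()], blob[g.NonceSize():], nil)
}
// relay: the provider has its own key pair and both public keys, nothing more.
func relay(msg []byte) (bobGot []byte, providerErr error, leaked bool) {
	alice, _ := ecdh.X25519().GenerateKey(rand.Reader)
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader)
	provider, _ := ecdh.X25519().GenerateKey(rand.Reader)
	blob := seal(aeadFor(alice, bob.PublicKey()), msg)
	bobGot, _ = open(aeadFor(bob, alice.PublicKey()), blob)
	_, providerErr = open(aeadFor(provider, alice.PublicKey()), blob)
	return bobGot, providerErr, bytes.Contains(blob, msg)
}
func main() {
	got, err, leaked := relay([]byte("constructed sample message"))
	println(string(got), err != nil, leaked)
}
```

Bob recovers the message because his private key and Alice's public key yield the same secret Alice used; the provider's attempt fails GCM authentication because it holds neither endpoint's private key.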