End-to-End Encryption: Here's how it works, benefits and drawbacks

End-to-end encryption or E2EE is the type of encryption where a message is encrypted at the sender's end and decrypted on the receiver's end

end-to-end encryption

Debarghya Sanyal New Delhi

Listen to This Article

“Messages and calls are end-to-end encrypted. No one outside of this chat, not even WhatsApp, can read or listen to them.” If you are a WhatsApp user, you are sure to have read this message on at least one of your contact’s message windows. But do you know what it means to have your messages end-to-end encrypted?
End-to-end encryption or E2EE is the type of encryption where a message is encrypted at the sender's end and decrypted on the receiver's end. The message remains encrypted at all points during the transit, so even if someone intercepts it during transmission, they can't read its contents.
The term end-to-end refers to this same fact. The encryption and decryption of the messages happen only at the endpoints, the sender, and the receiver end. The message is not encrypted or decrypted at any point in transit. Even the server relaying and storing your message cannot decipher and read your messages.
E2EE uses asymmetric public key encryption, where both parties have two keys. Here, the term “key” refers to the mathematical algorithm used to decrypt or encrypt a message. One of the keys is the public key that anyone can access, while the other is the private key that is not shared with anyone else. The public key is used to encode a message, and this encoded message can only be decoded using its corresponding private key. Simply put it’s a double-lock system.
When somebody sends you an encrypted message, their app uses your public key to encrypt the message. The encrypted message is sent over the internet. However, the public key can't be used to translate the message into its original form. To do that, you need your private key. This is possible because the public key and private key are linked in a way that is nearly impossible to figure out when looking at the public key alone.
Besides securing your messages, and ensuring privacy, E2EE also helps those working remotely to access company tools and data securely.
However, E2EE isn’t a perfect security solution. If an app’s communication is fully encrypted, that can prevent the app from offering additional features like contextual services based on the content of the message, or the ability to automatically generate calendar invites, message history, and other additional features.
Moreover, while E2EE does help protect the content and data of your messages, it doesn’t encrypt the metadata. Thus, even if the content is encrypted, it’s still possible to determine who you sent messages to, and when. Law enforcement agencies in the US and European countries have also argued that E2EE prevents text messaging applications such as Telegram, WhatsApp, Apple's iMessage, Jabber and Signal, or even Facebook Messager, to monitor illegal activities on these platforms. 

First Published: May 10 2023 | 10:21 PM IST

Explore News