End-to-end encryption

The terms “end-to-end encryption” and “encryption on the client side” describe a way in which (client-server) network applications perform encryption and data security functions.

“End-to-end encryption” applies to internet communication between users, who are the end-points of a system. The web application encrypts and decrypts all data only on users’ devices: their own computers or smartphones. Only on those devices is the original content available in decrypted, readable form. Outside users’ computers (i.e. while messages are stored on servers or in transit between them), the messages are encrypted and secure.

Encrypting data on an end-user’s device in the case of client-server systems is also called “encryption on the client side”. It usually takes place immediately after pressing either the “send” or the “save” button, and before data is sent to the server. In the other direction, decryption is done after the data is received, immediately before displaying it on the screen.

In the cases described above, the role of the application’s server is often limited to storing the encrypted content efficiently and in an appropriate way. Such servers do not have access to user passwords or keys required for decrypting the data; this is an obvious assumption in all systems which perform end-to-end encryption. More information about zero-knowledge servers.
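
The flow described above (encrypt on the device before sending, keep only ciphertext on the server, decrypt just before display), as an added example that is not part of the original page. It assumes a password-derived AES-GCM key obtained through the Web Crypto API; the function names, the in-memory serverStore, the iteration count and the sample password and message are constructed for illustration.

```javascript
// Web Crypto is global in browsers and current Node; older Node exposes it via node:crypto.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder(), dec = new TextDecoder();

// Client only: derive a non-extractable AES-256-GCM key from the user's password.
// The iteration count is an assumed parameter, not something the page specifies.
async function deriveKey(password, salt, iterations = 600000) {
  const material = await wc.subtle.importKey(
    'raw', enc.encode(password), 'PBKDF2', false, ['deriveKey']);
  return wc.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// "Send"/"save": encrypt on the device; the returned record is all the server receives.
async function encryptForUpload(key, plaintext) {
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce for every message
  const ciphertext = new Uint8Array(
    await wc.subtle.encrypt({ name: 'AES-GCM', iv }, key, enc.encode(plaintext)));
  return { iv, ciphertext };
}

// After download, just before display: decrypt on the device.
// Rejects if the key is wrong or the stored record was modified (GCM tag check).
async function decryptAfterDownload(key, { iv, ciphertext }) {
  return dec.decode(await wc.subtle.decrypt({ name: 'AES-GCM', iv }, key, ciphertext));
}

// Constructed stand-in for the application server: stores opaque records, holds no key.
const serverStore = new Map();

async function demo() {
  const salt = wc.getRandomValues(new Uint8Array(16)); // not secret, may live on the server
  const key = await deriveKey('correct horse battery staple', salt); // constructed password
  serverStore.set('note-1', await encryptForUpload(key, 'meet at 18:00'));

  const stored = serverStore.get('note-1');                 // what the server can see
  const readable = await decryptAfterDownload(key, stored); // what the user sees
  // A party holding the stored record but not the password cannot read it.
  const wrongKey = await deriveKey('guess', salt);
  const withoutPassword = await decryptAfterDownload(wrongKey, stored).catch(() => null);
  return { stored, readable, withoutPassword };
}

demo().then(r => console.log(r.readable, r.withoutPassword, r.stored.ciphertext.length));
```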