Behind the scenes of end-to-end encryption – How does it keep your notes safe?

Anshoo Sethi

They are for securing our digital information as we communicate and share data online. When enabled in apps like messaging, email, or note-taking, E2EE encrypts data on the sender’s device before it is transmitted and decrypts it only on the receiver’s device.

Generating public and private keys

The foundation of E2EE is public key cryptography, which uses a pair of keys – a public key and a private key – to encrypt and decrypt messages. When you start an end-to-end encrypted conversation in an app like Signal or WhatsApp, the app first generates a unique public and private key pair just for that conversation. The public key, as the name implies, can be openly shared without compromising security. But the private key must be kept secret. The private key is usually stored locally on each user’s device and protected by the security of the device. This asymmetric approach allows anyone with the public key to encrypt messages, but only someone with access to the private key can decrypt them.

Key exchange

how to open privnote? Once public and private key pairs are generated, the users in the conversation need to exchange their public keys to initiate secure encrypted communication. It public key exchange is facilitated by the app/service provider. For example, if Alice wants to send an encrypted message to Bob, Alice’s app will request Bob’s public key from the service provider’s server. This key is then transmitted securely to Alice’s device so her app can initiate encryption. Bob’s private key remains securely stored on his device at all times.

Encrypting messages end-to-end

When Alice wants to send a message to Bob, her app will encrypt the message using Bob’s public key – meaning it can only be decrypted using Bob’s private key. This encrypted data is transmitted to the service provider’s server and relayed to Bob. Along the way, the encrypted message remains scrambled and inaccessible to eavesdroppers or hackers. The service provider merely acts as an encrypted conduit without the ability to read the messages.

Decrypting messages locally

When Bob receives Alice’s encrypted message, his app uses his private key stored locally on his device to decrypt and reveal the original message. The unencrypted data is displayed only on Bob’s device – the service provider never sees the unencrypted data. This end-to-end process – encrypting on the sender side and decrypting locally on the recipient side – prevents the data from exposure while in transit. The keys required to decrypt the message never leave Alice or Bob’s devices. It is what makes E2EE so secure.

E2EE for secure note-taking

The same principles enable E2EE in secure note-taking apps. When creating private notes, the app generates a local encryption key that is used to encrypt the note data before syncing it to the cloud. The encrypted note data is then stored in the cloud storage while the private key remains only on your local device.  To view a note again, the app downloads the encrypted data from the cloud and then decrypts it locally using your private key service provider to decrypt your notes without access to your private key. It allows you to securely sync and access your confidential notes across devices without compromising privacy.