What is End-to-End Encryption?

End-to-end encryption is a method of transmitting data where only the users communicating can access and read the messages. By using cryptographic keys that only the users have control over, no eavesdroppers can decrypt the message, not even the servers that transmit the data.

What is not End-to-End Encryption?

To have a clear picture of what end-to-end encryption is, we must first understand what is not end-to-end encryption. You might have heard about encryption being used by websites to protect our online activities. For example, when you visit https://www.gmail.com, the HTTPS in front of the URL denotes that SSL/TLS protocols are used to encrypt the data transferred between your computer and Gmail’s servers. This protocol is much more secure than HTTP (no “S” = not secure) and is widely adopted by websites to protect against eavesdroppers. The downside to relying solely on HTTPS, however, is that when two users are communicating with each other through a centralized server (such as Gmail), the server has the keys to decrypt the data. In order to prevent centralized services from intruding on our privacy, we can adopt end-to-end encryption.

How End-to-End Encryption Works

In end-to-end encryption, the endpoints refer to the sender’s and intended receiver’s devices. The message is encrypted locally on the sender’s device and can only be decrypted by the receiver on the receiver’s device. End-to-end encryption is often referred to as “client-side encryption” and “zero access” due to the fact that encryption and decryption happen only on the users’ devices and not on central servers. Because of this characteristic, end-to-end encryption prevents centralized servers from reading user data. In order to implement end-to-end encryption, two types of cryptographic algorithms are used: symmetric and asymmetric.

[Figure: End-to-end encryption] End-to-end encryption ensures that even the centralized server cannot access user data.

Symmetric Cryptography

Symmetric-key encryption is what we typically think of when we want to “lock” a message. The basic idea is that the sender generates a key that turns the message into ciphertext, an encrypted version of the message, and sends the ciphertext to the receiver. The key is shared with the recipient through another secure channel so that the recipient can decrypt the ciphertext.

To illustrate how symmetric cryptography works in the real world, we’ll take a look at how an end-to-end encrypted email is sent from a ProtonMail email address to non-ProtonMail email addresses. In this case, you have to set a password for the message and share it with your recipients. The recipients receive an email with a link that takes them to a ProtonMail page where the ciphertext resides. Finally, the recipients enter the password you set for the message and the message is decrypted locally on their computer. In this Encrypt for Outside Users feature, the password never leaves the sender’s computer or comes to ProtonMail, so no one else can decrypt the message.

Asymmetric Cryptography

A major hassle with symmetric cryptography is that you have to find a way to securely share the key with your recipient (if an eavesdropper were able to get the ciphertext AND the key, the message would be compromised). If only there were a way to publicly share your key with anyone who might want to communicate with you, without fear of compromising your encrypted messages…

Invented in the 1970s, asymmetric encryption solves the problem with two user-generated keys: a public key and a mathematically related private key. The public key can be broadcast to the world, while the private key should never be revealed. The sender uses the receiver’s public key to encrypt a message into ciphertext and then sends it to the receiver. The ciphertext can only be decrypted with the receiver’s private key, protecting the message from eavesdroppers, even if they have the public key.

[Figure: End-to-end encrypted ciphertext] Without the private key, end-to-end encrypted messages would simply look like this.

As a real-world example of how this works, consider how email is sent between ProtonMail users, which is always automatically end-to-end encrypted. Invisibly to the users, but nevertheless entirely on the users’ devices, the recipients’ public keys are used to encrypt the message, while the private keys, which are only accessible to the users with the correct mailbox password, are used to decrypt the data. Since ProtonMail does not have users’ mailbox passwords, even ProtonMail cannot decrypt user data. In addition, the beauty of asymmetric encryption allows ProtonMail to automatically encrypt incoming emails from the outside, such as from Gmail, using the users’ public keys, so that the data is stored encrypted.

Advantages of End-to-End Encryption

End-to-end encryption provides the ultimate peace of mind for privacy-conscious users. You no longer have to give up control of your privacy and be forced to trust internet services that might:

  • Insufficiently protect your data, leaving your personal information at risk to hackers, governments, and other entities.
  • Scan and share your data to generate profit, advertising, and research without your consent or best interests in mind.

Why have I not used it before!?

Despite the technology having been around for decades, end-to-end encryption hasn’t been widely adopted for several reasons. First, it is against the interest of centralized service providers to support end-to-end encryption if their business model depends on advertising and invading users’ privacy. Secondly, end-to-end encryption has traditionally been difficult to use. In the email space, for example, PGP/GPG enables asymmetric encryption but requires users to exchange and manage keys, which can be confusing even for the tech-savvy. Despite these challenges, the importance of end-to-end encryption will only grow as more of our lives are tethered to the internet and more technology is developed to record and take advantage of our data.

At ProtonMail, we are making end-to-end encryption easy to use for everyone because we believe privacy matters. We have made the cryptography invisible to the user so that even if you didn’t understand anything from above, you can still use ProtonMail. Sign up for your end-to-end encrypted email account here.

To learn more about email privacy, watch our TED talk here.


About the Author


We are scientists, engineers, and developers drawn together by a shared vision of protecting civil liberties online. Ensuring online privacy and security are core values for the ProtonMail team, and we strive daily to protect your rights online.


25 comments on “What is End-to-End Encryption?”

  • In PGP messages subject lines are not encrypted (as far as I understand), how is this in Protonmail?

  • I just received my Protonmail account. Thank you! When I went through the account setup process I observed that my key pair was created. I have used Enigmail (gpg) in which I distribute my public key either manually or by use of a key server. I am responsible for maintaining and securing my private key locally.

    Am I correct in understanding that Protonmail serves the function of a public key server AND stores an encrypted copy of my private key (encrypted with my mailbox key)?


  • I have just registered with you after seeing the TED show. I want privacy. I will pay for or contribute for it. I succeeded in registering with you, but I am not sure. Could you confirm that I can now send an encrypted message (I think I sent one to my sister in the USA; I am in the UK)? My most important question to you is what do I have to do so that my recipient is able to reply safely as I did to him using my encrypted Proton mail? Please explain how I get the people I want on my encrypted contact list. Do they have to register also like I did? R Marbois

    • You can send an encrypted message to a non-ProtonMail user, but the easiest way is to also get your contacts to sign up for ProtonMail. Then all of the encryption is automatic and seamless.

  • Looking at the picture above, I am wondering if you, the ProtonMail staff, can read the Meta data such as the subject header, recipient as well as the sender data ?

  • Sincere gratitude and thanks for pushing the envelope of privacy and becoming the true innovators. Your/our shared vision of securing privacy and promoting what should naturally be civil liberties is greatly respected and sincerely appreciated. During these tumultuous times it is refreshing to be on the right side of history, when it’s all said and done. The only true question will be how did we as individuals make a positive impact in our lives. Did our lives make things better or worse for humanity? Did we help ease the suffering and push humanity to become better or not? Because at the end of the day, at the end of our time here on earth, we will be asked, did we help? And evolve as a species or did we fail as a species? May Peace Prevail On Earth.

  • Hello,

    Thank you again for the Development of Protonmail!
    I just have a quick question: is an email sent through protonmail to another email provider using the same end-to-end encryption technology still secured (i.e. without using a shared passphrase in a link)?

  • Hi
    I have been using protonmail for a couple of months and think it’s great! Thx for the great work.

    What I couldn’t find explained on your website so far (maybe I missed it?) was an explanation about the encryption “mechanics” when a protonmail user sends an email to an arbitrary other email address (say gmail to be specific). I understand that on your server the email is encrypted and that for two protonmail users the end-to-end encryption works perfectly fine. However, when the content of the email is actually transferred to a third party email provider (say gmail), I reckon this would need to happen in plain-text (smtp / non-encrypted), and could in principle be eavesdropped by anyone. This is also confusing since it would imply that also you would need to have access to the un-encrypted email content, at least at the moment when you send the content to the third party email provider, contrary to what you claim.

    Thx Matthias