The first encryption methods were historically born to respond to the need for secrecy. Military officers used them to share encoded messages and prevent their content from being read even after falling into enemy hands. And that’s still the main goal pursued today (in non-military environments, though) – albeit perfected to the highest level, in the form of what we know as end-to-end encryption.

Encryption is today a more common and affordable tool within everyone’s reach – made available by some messaging apps, document transaction software, data management solutions, etc. However, there is still some confusion on the subject.

End-to-end or asymmetric encryption, public-key cryptography, key-pair… Such terms are becoming more commonly used and their purpose is, to a certain extent, understandable as well. But the way encryption actually works still seems quite mysterious (and reserved for the understanding of an elite of tech experts).

Well, it doesn’t need to be. And it shouldn’t, as encryption is what the confidentiality of our conversations is based on – as well as the technology that allows us to build digital signatures that confirm the identity of signatories (but we’ll come back to that later).

Would you like to know what exactly happens when you are (or are not) having an end-to-end encrypted conversation? Is end-to-end encryption really secure? What could go wrong? What are encryption pros and cons?

That’s what this article is about. Since at first glance it looks like a rather complex topic, we thought we’d break it down into simple concepts and short examples, starting with the basics of cryptography. If you already know all about it, feel free to scroll down to the end-to-end encryption details, and do not hesitate to get in touch if you have any questions or comments!

What is encryption?
Types of encryption
How does end-to-end encryption work?
End-to-end encryption and digital signatures
What are the advantages and disadvantages of end-to-end encryption?
Encryption in Penneo


What is encryption?

Generally, encryption refers to the mathematical process of making a message unreadable except for the person who has the key to decrypt it into readable form.

Encryption can be used to protect data at rest (such as information and documents on a device) and data in transit (like messages from a person to another).


The information stored on your devices (data at rest)

Data at rest is data stored somewhere – be it a laptop, smartphone, or external hard drive – and not intended to be moved. This type of encryption can cover specific files on a device, or all the data in a storage folder, or even the device as a whole.

A common example of encryption of data at rest is device encryption (a.k.a. full-disk encryption) which encrypts all the information stored on a device with a password or another locking method. This type of encryption typically looks like the device lock screen that enables access to your computer or phone after typing the passcode or using your fingerprint.

Data at rest


The messages you send to another person (data in transit)

Data in transit is data that moves from one place to another. This movement occurs as a result of any communication – not only between people but also between websites and browsers. For instance, when you are navigating the internet and go to a website, you can browse it because the data from that web page travels from the website’s servers to your browser.

The same happens when you send a message on a messaging app, as that message moves over a network – from your smartphone to the servers of the app’s provider to your recipient’s device.

Data in transit

To be more specific, the message sent from a device to another passes through a cellphone tower, then the servers of the messaging service provider, then another cell phone tower, and ultimately reaches the recipient’s device. When no encryption is in place (that is, in most cases) all the elements-actors included along the message’s way (the so-called intermediaries) will be able to read the unencrypted message being sent. As the message can be seen by these servers (and usually stored on them), it might be vulnerable to disclosure and leak if the servers involved got hacked or compromised.


Types of encryption

If you want your messages to be confidential, the conversation between you and the recipient needs to be encrypted. There are two ways to encrypt data in transit: Transport Layer Security (TLS) and end-to-end encryption (E2EE).


Transport Layer Security (TLS)

Transport Layer Security (TLS) protects a message sent from your device to another by encrypting its content as it travels from your device to the messaging app’s servers and from the messaging app’s servers to your recipient’s device.

Therefore the message is only encrypted for the cell phone towers in this example, not for the messaging service provider – who can decrypt it and see its content. It follows that the confidentiality of your conversation is still at risk.

Transport Layer Security

For example, when you have a conversation on Facebook Messenger, your conversation is encrypted in transit between your device and Facebook, and between Facebook and the recipient’s device. Therefore, Facebook can potentially read the contents of your messages and disclose their content. Obviously, if they did and leak private conversations of their users, the most used social media would likely lose its wide popularity.

To clarify the concept, we could say that relying on a messaging app that uses TLS does not mean that your data is not safe. It only means that what actually protects your privacy is not only the encryption but also the company’s policies for personal data processing and privacy protection.

As mentioned, encryption is not just about protecting communication between people’s devices, but also between websites.

Another example of TLS can be seen on some URLs. Next to the URL, you can find the communication protocol – that, for some websites, is still “http://”. If you visit a website using HTTP protocol and malware is spying on your network, you have no protection or privacy against malicious actors. They can see which websites you’re navigating and what information you’re typing in (like credit card numbers or other personal data).

On the opposite, if you are browsing on an HTTPS-protected website, your connection is secure and encrypted. The messages you write on that website, your searches, login credentials, and whatever sensitive information you enter are encrypted.

Only the website’s owner can access it to provide you with the services you’re looking for, and no other people can read any of your information. You can check the protocol type to see if the website you’re browsing is HTTPS-protected like in the example below, and click on the locker icon in the URL bar to get more information about the connection’s security.

HTTPS-protected website


End-to-end encryption

End-to-end encryption ensures greater protection to data in transit. The message being sent from a device to another is encrypted all the way from the sender (the initial end) to the recipient (the final end). Nothing and nobody, including the messaging service provider, can read the content of your conversation.

End-to-end encryption

Today, several communication apps offer end-to-end encrypted messaging services (WhatsApp, Telegram, Signal, etc.). When using such applications, the service providers can only see that you are having a conversation with your recipient but are unable to decrypt and view the messages you are transmitting.

This is why end-to-end encryption is a much safer data privacy method. You can feel free to communicate sensitive data, financial details, business affairs or legal proceedings, medical conditions, or simply have an intimate conversation without prying eyes. The original sender and the intended receiver are the only two individuals who can read the messages. No one sitting in the middle can see their content, not even the company running the communication service.


Which of the two encryption methods should you use?

If you trust the application you are using, its policies for data processing, and the security of its infrastructure, TLS might be safe enough to meet your needs. Nonetheless, we recommend using services that enable end-to-end encryption when available because of the greater privacy and secrecy they provide.


How does end-to-end encryption work?

Having clarified the basics of encryption, let’s dive into what is meant by end-to-end encryption, how it works, and what it can be used for.

End-to-end encryption is also known as asymmetric-key encryption, public key encryption, or public key cryptography.

All these terms refer to the process of converting (encrypting) ordinary plain text into unintelligible text and vice-versa (decrypting it) by means of keys. End-to-end encryption is based on the use of two different (asymmetric) keys: one to encrypt the message and one to decrypt it (respectively called public key and private key).

To better understand what this means and how the process works, however, we must once again take a step back and start by explaining how symmetric-key encryption works (with one key). Bear with us, we’ll get there in no time!


Symmetric encryption: the pros and cons of using a single key

Let’s say Bob, Joe, and Alice are sitting next to each other.

Bob wants to send a message to Alice on a note and, to do so, that note has to go through Joe’s hands, who will then pass it on to Alice.

Symmetric encryption

If Bob wants the message to be kept secret (so that Joe can’t read it and only Alice can), Bob needs to use some form of encryption to make it unreadable for Joe.

Bob decides to encrypt the message with a key of 3, shifting the alphabet letters by three (so A becomes D, B becomes E, etc.), and, in the same (reverse) way, the message will then be decrypted by Alice. So, for instance, a message saying “HELLO” will be encrypted as “KHOOR”.

Caesar cipher

The method of shifting the letters down the alphabet by three is historically known as the Caesar cipher, as it was used by Julius Caesar to communicate in secrecy. This encryption method based on one single key used to both encrypt and decrypt the message is the simplest example of symmetric cryptography (symmetric encryption). Although it seemed effective in the distant past, it is obviously a rather weak and vulnerable encryption mechanism today.

In the example above, if Joe wanted to decipher the message, he would just try all the possible combinations – and it wouldn’t take long to guess what’s the key to interpret the message and convert it into readable text. Moreover, Joe could spy on Bob and Alice until they tell each other the key to their encryption method – whereupon, he would always be able to read their messages.

Luckily, cryptography has made giant steps since the time of Caesar, hand in hand with technology. The mathematical capabilities of today’s computers can generate much more complex keys than the key of three, which are also much harder to guess.


What is the difference between symmetric and asymmetric encryption?

The use of a single key for both encrypting and decrypting the message is the main drawback of symmetric cryptography. That’s why it’s much safer to use asymmetric cryptography, a.k.a. public-key encryption, or end-to-end encryption. Instead of using one single key, asymmetric cryptography uses two different keysone to encrypt the message and another to decrypt it.


Asymmetric encryption: two keys are better than one

To continue with the example above, let’s assume that Bob and Alice are now in two different countries and want to send messages to each other from their computers without anyone else being able to read their conversation.

In this situation, the intermediary Joe is replaced by a number of third parties: Bob and Alice’s computers, Internet connection providers, browser and email providers, and other computers and data servers that need to be involved in enabling their communication online.

Asymmetric encryption

If Bob and Alice want their messages to remain private, they need to use asymmetric (i.e., public key) encryption. To do so, they rely on a messaging service that provides this functionality.

This encryption system creates for both Bob and Alice two keys: a public key and a private key. The two keys are represented by very large numbers and are connected to each other. The public key and the private key are generated together and tied together. It is as if they represented two sides of the same coin, and (just like yin and yang) they complement each other. The public key is used to encrypt the message; the private key is used to decrypt it.

Public and private keys

To send an encrypted message to Alice, Bob needs her public key.

Alice can send her public key to Bob over an insecure channel, like an unencrypted email, because the public key is something that can be shared openly and does not need to be kept secret – as it can only be used to encrypt messages, not to decrypt them.

Encrypted message

Bob receives Alice’s public key and can now use it to encrypt a message and send it over on the internet till it reaches Alice’s computer.

But how exactly is the message encrypted? What does encryption software do?

Through encryption, a readable message (like “Hello”) is processed through a hashing algorithm (public key); in other words, it is mathematically distorted through a process that converts it into an illegible form that is not readable to anyone who sees it (“Hh4dF6hfA7IjS9tOvHhFWEskNGaS…”).

The message travels over the Internet, whereas anybody can see it in its twisted form (“Hh4dF6hfA7IjS9tOvHhFWEskNGaS…”).

Once it gets to the final destination, the entitled recipient process the message through a hashing algorithm (private key); i.e., the recipient converts it back into readable form, and the original message’s content becomes visible and clear (“Hello”).

In our example, all of the intermediaries involved along the message’s way can see that a message is being transmitted from Bob to Alice. They can see its metadata, such as the date and time of the message, the subject line, and the sender and recipient’s name but cannot read the message’s content. The content of the message looks illegible and indecipherable for all of them – since they lack Alice’s private key to decrypt it.

Once Alice receives the message, she can now use her private key (kept secret and never shared with anybody on any communication channel) to decrypt the message and read its content.

Encrypted message

Therefore, with public-key cryptography, the message is encrypted from the initial sender/end (Bob) and can only be decrypted by the final recipient/end (Alice) – ergo, it’s kept confidential from end to end.

In the same way, if now Alice wants to reply to Bob by sending him an encrypted message, she will need Bob’s public key (that he can share publicly and freely) to encrypt it. The message will be unreadable to anybody other than Bob, who will be able to decrypt it using his private key.


Asymmetric encryption and digital signatures

Encryption can also be used to prove that a message came from a particular person and has not been altered. Let’s see how.

We clarified that the public key can be shared freely while the private key must be kept secret. This means that anybody that knows a person’s public key can use it to encrypt a message, but only the key’s owner can decrypt it with their private key. In the same way, if we turn around the concept, a person could encrypt a message via their private key, and everybody else knowing that person’s public key could decrypt it.

Now the question is, how could this reverse function help?

What purpose can it achieve, and what advantage can it give? Back to our previous example, why would Bob want to encrypt a message with his private key and allow anyone else to decrypt it with Bob’s public key?

It’s intuitive that, in this case, Bob’s goal would not be to keep the message secret. On the contrary, the message would be decipherable by anyone. Still, only one person could have been able to encrypt it with his private key: Bob. And that’s exactly the point.

Let’s suppose that Bob owes Alice 10€, and Alice wants him to oblige himself to pay this money.

Bob sends a message to Alice to tell her “I’ll pay you 10€”.

Now what Bob and Alice want is not to have a confidential conversation. It’s to make sure that what Bob is saying and promising can be seen and validated by anybody. So they are pursuing the exact opposite objective – but using the same asymmetric encryption method.

Bob can encrypt the message with his private key – which was always kept secret, so Bob is the only one who can use it to encrypt the message.

On the other hand, everybody else can now decrypt the message using Bob’s public key – not just Alice.

And the ability to decrypt the message using Bob’s public key means that it was encrypted using Bob’s private key – ergo, Bob is undoubtedly the author of the message. In simple terms, what Bob does when he encrypts the message with his private key has the same purpose and value as if he had signed a message with a pen on a piece of paper and handed it over to Alice.

Furthermore, the message encrypted by Bob cannot be altered afterward.

In the analog reality, Alice could take the message signed by Bob on paper and change the value of the amount to be paid from 10€ to 100€, and Bob would not have any way to demonstrate that the message had been tampered with.

On the opposite, a digital message encrypted via Bob’s private key cannot be altered by Alice because she does not have Bob’s private key, so she cannot re-sign the message.

In conclusion, a digital message signed and encrypted via a person’s private key ensures the identity of the signer and the tamper-proofness of the content. And this is what digital signatures are all about – that’s what they owe their popularity and trust. And that’s also why they are safer than traditional handwritten signatures.


To recap:


The pair of keys:

  • Public key cryptography (end-to-end encryption) is the process that uses a person’s public key to convert text into a form that is unreadable for anybody that doesn’t have that person’s private key.
  • A person’s public key can be shared openly. It can be considered and treated as a physical address of a person’s home.
  • A person’s private key must be kept secret and safe. It could be considered and treated as the key to a person’s home (but you only have one, you can’t make copies, you can’t lose it and change the door lock).
  • To make a real-life example that comes close to the concept, the pair of keys can be assimilated to the address and house keys. When you buy a house, you have a new address (public key) and a key to access it (private key). It is in your interest to let people know your address so that they can send you messages by mail. Therefore you put it in the public phone book (or, in 2021, you update your address information on the Internet and Social Media). A message encrypted with a person’s public key is like a card sent by post to that person’s home address. Everybody knows (or can know) that address refers to a house that belongs to that person. But only the house owner, with their private “key”, can open the mailbox and get access to the card.


Using encryption to keep the message secret (confidentiality)

  • Knowing a person’s public key allows you to encrypt a message directed to that person, as the message will only be decryptable with that person’s private key.
  • Intermediaries can still see metadata while you are having an encrypted conversation: they can see who you are, who your recipient is when you are sending a message when the recipient is receiving it, what the message’s subject line is, and that you are encrypting the message.
  • Going back to the example above, the intermediary could be the postman, who can read the names of sender and recipient on the letter envelope and is a necessary element to forward the message from the initial end to the final end. Still, the postman cannot read the message inside the envelope.


Using encryption to sign a message and verify the author of the message (identity proof)

  • You can sign your message by encrypting it via your private key so that the recipient (and everybody else knowing your public key) can be sure that you are the author of that message (and its signer).
  • You can decrypt a message that a person signed via their private key by using their public key and be sure that the message could only have come from that person (and that specific person signed it).


What are the advantages and disadvantages of end-to-end encryption?


Can end-to-end encryption be hacked?

Although end-to-end encryption may seem flawless, it has weaknesses too. There are three potential risks to consider:


1. You can hide the content of your conversation but not the existence of the conversation itself

Intermediaries are indispensable for the conversation itself. They cannot be removed – otherwise, there would be no way to forward a message from one device to another. And although end-to-end encryption makes the content of the messages illegible for intermediaries, they would still know that an encrypted conversation is taking place between two people on a certain day.

Therefore, the first limitation of end-to-end encryption appears in the event that you wanted to hide the existence itself of your communication. If that’s the case and, for whatever reason, you don’t want anyone to be aware that you are communicating with another person, end-to-end encryption is not the solution. Even though your messages can’t be read, there’s proof that you had a conversation with a particular person at a specific time and that you decided to encrypt its content.


2. All bets are off if you only encrypt data in transit and not data at rest as well

Encrypting data in transit might not be enough to protect your privacy, as even a perfect end-to-end encrypted conversation is vulnerable in the two moments-places where the message is readable: the ends – which are none other than your device and the recipient’s device. If your device is not secured, in the event that somebody gets hold of your phone, for instance, they would be able to read all of your conversations and even write and send messages on your behalf. That’s why it’s essential for such endpoints to be protected. Here’s how you can do it:

  • Device encryption: A common protection mechanism is enabling a passcode lock-screen. By granting access after typing a password or using your fingerprint, if somebody takes over your smartphone, they would not be able to unlock it, read your correspondence or impersonate you.
  • Antivirus software: Although effective to protect your device when others take physical possession of it, device encryption is not enough to protect it in the case of virtual attempts of data breach by hackers. To mitigate that risk, devices need to be protected with antivirus and malware software.
  • Backups encryption: But that’s not all. Because the weakest link of the chain is the storage point, and oftentimes your device is not the only storage point. For instance, you might store automatic backups of your encrypted conversations to the cloud. In that case, you should check your cloud backup settings to make sure that they are also encrypted.
  • In conclusion, combining multiple protection methods to ensure both your data in transit and your data at rest are encrypted will let you enjoy a greater level of privacy and defence against unauthorized eavesdroppers.

    Just as the conversation involves two people, so must the two people take care of its safety. Although you may have done everything possible to protect your devices, servers, and networks, you cannot be sure that the recipient of your messages has done the same with theirs. If your recipient’s endpoint has been compromised – their device stolen, their Internet connection hacked, etc. – there is nothing you (or the encryption system) can do to protect the confidentiality of your conversation.


    3. End-to-end encryption is virtually unbreakable, but sometimes hackers can find their way

    As explained above, a person that wants to send encrypted messages to another person must obtain that person’s public key. At first glance, there seems to be no problem or risk in this exchange of public keys, as they can be freely distributed on whatever channel.

    However, as end-to-end encryption might be virtually impossible to break, hackers might try instead to interfere with the exchange of public keys – which, therefore, can represent a vulnerability of the encryption system. For instance, a hacker could provide one person-endpoint with the hacker’s public key and then impersonate somebody else. This situation is known as a man-in-the-middle attack (or machine-in-the-middle-attack).

    Let’s suppose that one of the intermediaries of the conversation between Bob and Alice is a hacker. Alice is going to share her public key with Bob so that he can send encrypted messages to her.

    The hacker manages to provide Bob with the wrong public key and deceive him into using it to encrypt messages.

    Man-in-the-middle attack

    As a result, Bob will encrypt messages using the hacker’s public key without even noticing that it is not Alice’s legitimate public key.

    The hacker can now decrypt Bob’s messages and read their content.

    What’s more, the hacker will also be able to use Alice’s actual public key to re-encrypt the message and send it to her. In this way, Alice won’t know that a man-in-the-middle attack had meanwhile occurred.

    The hacker can also edit the content of the message before encrypting it and lead Alice to believe that Bob was the one writing it. Still, in most cases, the hacker does not modify the content of the messages, and the two subjects involved in the conversation keep sharing messages as if nothing had happened. The hacker might decide to wait until the right moment to take advantage of the situation – such as, once Bob sent Alice a message with his bank details, for example.

    What can be done to prevent this risk? Thankfully, there are methods for avoiding these cyber threats.

    • The first method is known as fingerprint verification and consists of verifying that the public key used to encrypt the messages is the legitimate recipient’s public key. However, to do that safely, Bob and Alice should meet up in person and double-check that the public keys they hold actually match with their fingerprint keys. Although it’s an effective method, it’s also rather inconvenient and often not feasible for people far from each other.
    • Another method is made available by some end-to-end encryption programs, which can generate a sort of one-time passphrase based on the two users’ public keys. But even in this case, the two people should meet in-person to confront the passphrase or use a safely encrypted communication channel to share it and assess whether it matches.
    • Finally, a more secure and convenient method to prevent this type of attack is relying on a Certificate Authority (CA). This is the method generally employed by the best end-to-end encryption software to ensure that a public key legitimately belongs to a certain person. To this end, the public key is embedded in a certificate that is digitally signed by a trusted Certificate Authority. As the CA’s public key is widely known, its truthfulness can be trusted. A message encrypted using a public key and verified by the Certificate Authority can be counted as an authentic message coming from a known sender.


    Why is end-to-end encryption important?

    Despite its weaknesses, end-to-end encryption is currently the most secure way to transfer data thanks to three main benefits it provides:


    Absolute Privacy

    It protects from hackers and cyber-attacks: only you and your recipient have the keys to unlock your data. If you both keep them secure by taking advantage of the best practices and strictest settings of encryption apps, you can be sure of the safety and confidentiality of your conversation.


    Confidentiality even with respect to the service provider

    It protects from third-party providers’ bad intentions or leaks: maintaining your messages unreadable even for the providers operating your communication channel, you can be sure that the risks of a data breach are minimized.


    Certainty about the authorship of the message

    It can be used for proof of identity purposes: i.e., to sign a message and verify the author of the message. A message signed and encrypted via a person’s private key ensures the identity of the signer and the tamper-proofness of the content.

    End-to-end encryption is today the gold-standard for protecting data-transfers. That’s why more and more communication services are implementing this functionality to offer their users safer data-transfer options. It follows that organizations seeking the highest levels of security must choose service providers that enable end-to-end encryption capabilities.


    Encryption in Penneo

    Top-level data protection and privacy are core benchmarks we strive to maintain every day to offer our users the safest possible digital experience.

    Our digital signatures are built on public-key cryptography, which guarantees the authenticity of the signer and non-alteration of documents and signatures.

    When you rely on Penneo to sign digitally, you can be sure of your documents’ trustworthiness and legal validity. Our digital signatures comply with eIDAS requirements for advanced e-signatures and meet international security standards. Therefore, they are legally binding and enforceable in the EU and worldwide.

    Penneo provides its clients with configurable security features. It’s up to the individual customer to personalize the security level for access, sharing, and data confidentiality. Similarly, users have the choice to activate our built-in encryption functionality before sending documents for signing.

    We always recommend using the strictest settings applicable to the specific use case to ensure greater protection. In the most rigorous case, all access to customer data is restricted using multi-factor authentication, and data is always transmitted relying on encrypted channels.

    When you send out a document for signature via Penneo, you can check the box “The case file contains sensitive information”. By doing so, your document will be encrypted and the recipient will have to use their e-ID to access said confidential document.

    Penneo security settings

    Penneo also encrypts data at rest. Sensitive data and Personally Identifiable Information (PII) are encrypted following the cryptographic standards defined by the National Institute of Standards and Technology (NIST). In particular, our security system follows the Advanced Encryption Standard (AES), a NIST specification for the encryption of electronic data that was originally adopted by the U.S. federal government and has now become the industry standard for data security used worldwide.

    To be more specific, Penneo’s encryption system is built on AES256, which provides the strongest encryption level. The result is a tremendously sophisticated form of encryption that is virtually impenetrable, even using brute-force methods.

    All the documents and information you store in our system are automatically encrypted and backed up in our databases within the European Union (Germany and Ireland) in compliance with GDPR.

    By using Penneo to create digital signatures and share confidential documents and data, you will reduce your company’s risk exposure and become a harder target for bad actors.



    If you're looking to learn more, we have a few suggestions for you

    The eIDAS Regulation

    The eIDAS Regulation: Electronic Identification in Europe

    Digital signatures vs electronic signatures

    What Are the Differences between Digital Signatures and Electronic Signatures?

    Electronic signatures

    What Is an E-Signature?