What is End-to-End Protection?
Confidencial takes an end-to-end approach to securing your messages and files. What does this mean? In short, it means that in most* cases, Confidencial does not see or store the private keys that are required to decrypt messages and files, and in all cases we never see (let alone store) your messages and files, even in their encrypted form. Read on for more information about our approach to keeping your data safe.
In most cases, Confidencial does not store your private decryption keys in a form that would enable an attacker to access your protected documents should Confidencial’s backend infrastructure be compromised. Besides the fact that Confidencial does not see or store your messages and documents, Confidencial does not store whole private keys in its infrastructure (with the exception of Temporary keys). Instead, keys are either stored in a key server hosted by your organization, “sharded” and stored across multiple, independent locations in the cloud, or stored on a device of your choosing.
Confidencial’s implementation is a true end-to-end secure solution for protecting your most sensitive data. This approach is perhaps best described by example; let’s review a couple of these.
Let’s say you have a Word document that you would like to protect. You might store this Word doc on your PC, on your company’s internal network, or in the cloud. Wherever you store it, Confidencial’s protection will follow it, because it’s built into the document itself. If this is a working document that you are creating on your own, you will probably just encrypt it for yourself. You can open Confidencial’s add-in for Word to do this.
When you click Encrypt Document, here is what happens:
- Confidencial fetches your public encryption key from its Public Key Registry (or the local cache of public keys on your machine)
- Confidencial takes all the content in your document and encrypts it using your public key
  Technically, we encrypt the content of your document with a symmetric (AES) key. That symmetric key is then encrypted using your public key.
- The encrypted data is then inserted into your document as metadata
  Metadata is auxiliary information - it’s data about your data. Other examples of metadata in a Word document include the document author’s name, the title of the document, and the name of the template upon which the document is based.
- Your original document data is now replaced with a banner that informs viewers of the document that it is protected with Confidencial. A hyperlink is included within the banner that directs users to viewing instructions.
- When you save the document, its contents are now protected at rest
When you later open this document and click View Encrypted Contents in the Confidencial taskpane, here is what happens:
- Confidencial retrieves your private decryption key
- The encrypted document data is extracted from the metadata of the document
- Your private key is used to decrypt the data
- The decrypted data is re-inserted into your document for viewing and editing
- When you are done viewing and editing the document, clicking Re-encrypt Before Saving protects the data by executing the steps described in the “Encrypting the document” section above
At no point during this entire encrypt-decrypt process did your document’s contents get sent to Confidencial. All encryption and decryption is done locally on your machine. It is an end-to-end secure process.
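The encrypt and view steps above, sketched as an added example that is not Confidencial's code: a random AES key encrypts the content, the public key encrypts that AES key, and the result is carried as document metadata. RSA-OAEP, AES-256-GCM, the in-memory `{ body, metadata }` document and the `protectedContent` field name are assumptions; the page states only that a symmetric (AES) key is encrypted with the public key.

```javascript
// Added illustration, not Confidencial's code. Assumptions: RSA-OAEP key wrapping,
// AES-256-GCM, and a document modelled as { body, metadata } with a protectedContent field.
const { generateKeyPairSync, randomBytes, createCipheriv, createDecipheriv,
  publicEncrypt, privateDecrypt, constants } = require("node:crypto");

const BANNER = "Protected document. Follow the viewing instructions to open."; // constructed
const OAEP = { padding: constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };
const b64 = (buf) => buf.toString("base64");
const raw = (str) => Buffer.from(str, "base64");

// Encrypt: a fresh AES key protects the content; the public key protects that AES key.
function protectDocument(doc, publicKey) {
  const contentKey = randomBytes(32);
  const iv = randomBytes(12);
  const cipher = createCipheriv("aes-256-gcm", contentKey, iv);
  const ciphertext = Buffer.concat([cipher.update(doc.body, "utf8"), cipher.final()]);
  const envelope = {
    wrappedKey: b64(publicEncrypt({ key: publicKey, ...OAEP }, contentKey)),
    iv: b64(iv),
    tag: b64(cipher.getAuthTag()),
    ciphertext: b64(ciphertext),
  };
  // Ciphertext is stored as metadata; the visible body is replaced by the banner.
  return { body: BANNER, metadata: { ...doc.metadata, protectedContent: envelope } };
}

// View: unwrap the AES key with the private key, then restore the original body.
function viewDocument(doc, privateKey) {
  const { protectedContent: env, ...metadata } = doc.metadata;
  const contentKey = privateDecrypt({ key: privateKey, ...OAEP }, raw(env.wrappedKey));
  const decipher = createDecipheriv("aes-256-gcm", contentKey, raw(env.iv));
  decipher.setAuthTag(raw(env.tag));
  // final() throws if the stored ciphertext or tag was altered while at rest.
  const body = Buffer.concat([decipher.update(raw(env.ciphertext)), decipher.final()]);
  return { body: body.toString("utf8"), metadata };
}

// Constructed sample: a throwaway key pair and document, all handled locally.
const demoKeys = generateKeyPairSync("rsa", { modulusLength: 2048 });
const draft = { body: "Q3 forecast, draft 3", metadata: { author: "A. Writer" } };
const atRest = protectDocument(draft, demoKeys.publicKey);
const reopened = viewDocument(atRest, demoKeys.privateKey);
console.log(atRest.body, "|", reopened.body);
```

Because the content key is generated per document and only its wrapped form is stored, the saved file holds nothing that decrypts without the private key, and the GCM tag makes any change to the stored ciphertext fail on open.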
With the release of Confidencial 2.2, you will be able to send messages and files directly from the Confidencial web or desktop app using Slack, Outlook, or Gmail! Check back here after the release of V2.2 for a description of how Confidencial implements an end-to-end solution for data sharing using your favorite messaging apps.