What is End-to-End Protection
Last updated
Last updated
💡 Confidencial takes an end-to-end approach to securing your messages and files. What does this mean? In short, it means that in most* cases, Confidencial does not see or store the private keys that are required to decrypt messages and files and in all cases we do not ever see (let alone store) your messages and files, even in their encrypted form. Read on for more information about our approach to keeping your data safe.
*️⃣ In most cases, Confidencial does not store your private decryption keys in a form that would enable an attacker to access your protected documents should Confidencial’s backend infrastructure be compromised. Besides the fact that Confidencial does not see or store your messages and documents, Confidencial does not store whole private keys in its infrastructure (with the exception of ). Instead, keys are either , , or .
Confidencial’s implementation is a true end-to-end secure solution to protecting your most sensitive data. This approach is perhaps best described by example; let’s review a couple of these.
Let’s say you have a Word document that you would like to protect. You might store this Word doc on your PC, on your company’s internal network, or in the cloud. Wherever you store it, Confidencial’s protection will follow it, because . If this is a working document that you are creating on your own, you will probably just encrypt it for yourself. You can to .
When you click Encrypt Document, here is what happens:
Confidencial takes all the content in your document and encrypts it using your public key*
*️⃣ Technically, we encrypt the content of your document with a symmetric (AES) key. That symmetric key is then encrypted using your public key.
The encrypted data is then inserted into your document as metadata
ℹ️ Metadata is auxiliary information - it’s data about your data. Other examples of metadata in a Word document include the document author’s name, the title of the document, and the name of the template upon which the document is based.
When you save the document, its contents are now protected at rest
Confidencial retrieves your private decryption key
The encrypted document data is extracted from the metadata of the document
Your private key is used to decrypt the data
The decrypted data is re-inserted into your document for viewing and editing
When you are done viewing and editing the document, clicking Re-encrypt Before Saving protects the data by executing the steps described in the “Encrypting the document” section above
🔒 At no point during this entire encrypt-decrypt process did your document’s contents get sent to Confidencial. All encryption and decryption is done locally on your machine. It is an end-to-end secure process.
💬 With the release of Confidencial 2.2, you will be able to send messages and files directly from the Confidencial web or desktop app using Slack, Outlook, or Gmail! Check back here after the release of V2.2 for a description of how Confidencial implements an end-to-end solution for data sharing using your favorite messaging apps.
Confidencial fetches your public encryption key from its (or the local cache of public keys on your machine)
Your original document data is now replaced with a banner that informs viewers of the document that it is protected with Confidencial. A hyperlink is included within the banner that directs users to .
When you later open this document and , here is what happens:
🔑 Depending on , this will be done by either requesting it from , assembling it from , or by asking you to load it from your chosen
