What is End-to-End-Encryption?

Jon McLachlan
4 min readApr 27, 2021

Photo by Jan Antonin Kolar on Unsplash

Legacy encryption is not sufficient.

Let’s start with something we all know: Encryption in transit and encryption at rest. Encryption in transit provides confidentiality when your data is moving through the Internet. The little lock icon indicates TLS, which is encryption in transit.

The locked icon in Chrome indicating Encryption in Transit.

Encryption at rest provides confidentiality when your data is on a physical storage medium. Even data in the cloud is on a physical device somewhere.

Where are the gaps?

Today, hackers steal data by breaking into the cloud. Neither encryption in transit or encryption at rest protect your data from this.

Photo by Jp Valery on Unsplash

The global economy lost an estimated $1.2 Trillion dollars to data breaches in just the first quarter of 2020.

This is why regulated industries that depend on a strong sense of trust for continued business have a high data security bar. But even in regulated verticals, breaches are far too common. For example, Anthem Inc suffered a devastating data breach of 78.8 Million records that contained personally identifiable information.

Photo by Clint Patterson on Unsplash

Proven technology to prevent these types of attacks exists today. It’s called End-to-End-Encryption.

End-to-End-Encryption protects data inside the application.

End-to-End-Encryption is a data security technique employed inside an application itself to encrypt and decrypt application data. This allows data to remain encrypted (confidential) for as long as possible. Anything that does not absolutely need access to your data can’t decrypt it.

Restricting the distribution of keys to the “ends” is why it is called End-to-End-Encryption. Since encryption is a digital lock, it’s the key is that gives you access to the data. All that infrastructure in the middle that doesn’t need access to the data, doesn’t get the key.

So when a hacker breaks into a live system that employs End-to-End-Encryption, it forces them to find and reverse engineer a running application to steal keys and encrypted data. Otherwise, encrypted data is entirely useless without the key. This is significantly more difficult and significantly raises your data security bar.

Photo by Dimitri Karastelev on Unsplash

For example, Signal uses End-to-End-Encryption inside chat rooms to prevent the server components from viewing a conversation’s contents. Even though messages go through servers, the End-to-End-Encryption is between clients (between apps on our phones). Because the servers never see our keys, the server never has the ability to decrypt your chat conversation. For this reason, a hacker in Signal’s cloud will never be able to decrypt your message.

How do I build End-to-End-Encryption into my product?

5 years ago, it was costly and time-consuming to build End-to-End-Encryption into a product. It would take a team of 4–5 security engineers about 2 years to build it, with a total initial investment of about $4.2 million.

But today, it’s quick and easy. Peacemakr offers End-to-End-Encryption-as-a-Service with a fully functioning free tier that uses Open-Source SDKs that integrate into any tech product. All you need to do is select what data to protect, and Peacemakr takes care of the rest. There’s even a convenient CLI tool to quickly encrypt or decrypt data in your system to help with integration and debugging.

It’s so simple and inexpensive that there’s no more excuse for losing data to a security breach.



Jon McLachlan

Founder of YSecurity. Ex-Apple, Ex-Robinhood, Ex-PureStorage. Lives in Oakland. Athlete.