Submitted by [deleted] t3_125wf75 in explainlikeimfive
Zharken t1_je6kuzl wrote
Reply to comment by Arunia in ELI5: When a third party app says they offer "end to end encryption," what does that mean? by [deleted]
How does the recipient device know the encryption key?
I'd assume a new key has to be generated every time, and if the sender generates one to encrypt the message, then it can't send the key to the recipient, because if it does so, any man in the middle would also know the key, thus making the entire encryption thing useless.
BiomeWalker t1_je6yucj wrote
At the start of the conversation each device sends the other a "public key" which can be used to encrypt the data, while keeping a matching "private key" which is the only way to decrypt data that has been encrypted with the "public key".
Zharken t1_je7705e wrote
Oh, so I give you a key that everyone can see, but can only be used to encrypt, and I have a different key that no one knows that I can use to decrypt what you return to me, and vice versa.
BiomeWalker t1_je77f0c wrote
Yep, that sums it up pretty well.
flux124 t1_je6mt6t wrote
The trick is that there exist encryption schemes such as RSA which allow a private and public key. The way it works is that you generate both, keep the private key a secret and share the public key with the world. The private key only decrypts messages signed with the public one and the public one only decrypts messages encrypted with the public key. This means the public can send you messages only you can read and you can send messages that are verifiable to have come from you because they can be decrypted by the public key. From here you can use AES, which is symmetric, same key for encryption and decryption, to share the same key between both people. This is actually how HTTPS Internet security works. Your OS/browser keeps track of certain public keys that can be used to verify domains as being legit.
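The flow discussed in this thread, as an added example that is not part of any comment above: the recipient publishes a public key, the sender wraps a fresh per-message symmetric key with it, and only the private key can unwrap it. Assumptions: the RSA here is a toy (fixed small primes, no padding), a SHA-256 keystream stands in for AES because the Python standard library has no AES, and all function names are hypothetical.

```python
import hashlib, hmac, secrets

# Toy RSA from two known Mersenne primes (constructed values; far too small and
# unpadded for real use). Function names are hypothetical, chosen for this example.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537

def generate_keypair():
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, never leaves the device
    return (n, E), (n, d)               # (public key, private key)

def keystream_xor(key, nonce, data):
    # Stand-in for AES: SHA-256 in counter mode used as a keystream.
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(public_key, plaintext):
    """Sender: new session key per message, wrapped with the recipient's public key."""
    n, e = public_key
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), e, n)
    nonce = secrets.token_bytes(12)
    body = keystream_xor(session_key, nonce, plaintext)
    tag = hmac.new(session_key, nonce + body, hashlib.sha256).digest()
    return {"wrapped_key": wrapped, "nonce": nonce, "body": body, "tag": tag}

def open_sealed(private_key, msg):
    """Recipient: unwrap the session key with the private key, verify, then decrypt."""
    n, d = private_key
    m = pow(msg["wrapped_key"], d, n)
    if m >> 128:
        raise ValueError("wrapped key did not decrypt to a 16-byte session key")
    session_key = m.to_bytes(16, "big")
    expected = hmac.new(session_key, msg["nonce"] + msg["body"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("message was modified in transit or the key is wrong")
    return keystream_xor(session_key, msg["nonce"], msg["body"])

if __name__ == "__main__":
    public, private = generate_keypair()    # runs on the recipient's device
    wire = seal(public, b"meet at noon")    # all that a relay server ever sees
    print(open_sealed(private, wire))
```

A relay in the middle sees only `public` and the contents of `wire`; the session key crosses the network only in wrapped form.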