# E2E report encryption

End-to-end (E2E) encryption is an optional feature at HackenProof and is turned off by default. <mark style="background-color:purple;">Encryption at HackenProof is built on PGP.</mark>

### End-to-end encryption

Enabling end-to-end encryption on HackenProof is optional and simple to set up, yet it provides a strong layer of security.

<figure><img src="https://2686245090-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Faou7mxABOvrk0uZ81vUx%2Fuploads%2FbJIxy4HcpFxyYm012hkb%2Fimage.png?alt=media&#x26;token=fd38c0ef-f401-4ffb-9eb8-a062f8072c74" alt=""><figcaption><p>end-to-end encryption on HackenProof </p></figcaption></figure>

End-to-end (E2E) encryption is intended to prevent data from being read or modified by anyone but the sender (hacker) and recipient (company). The reports are encrypted by the sender (hacker) and decrypted by the recipient (company) locally on their device. Any cloud storage providers or other third parties that transmit or store the data between the sender and recipient handle the data as they normally would.

### What can be encrypted?

At HackenProof, end-to-end encryption covers a broad range of data: text (the report body) and multiple file formats.

File encryption covers bmp, gif, jpeg, png, pdf, mpeg, mp4, mov, csv, txt, zip, sol, rs, md, ts and more.

### How to turn on E2E encryption

To enable report encryption, a company has to:

* Generate its own PGP keypair, which consists of a public key and a private key. You can use one of these resources for key generation:
  * <https://webencrypt.org/openpgpjs/>
  * <https://openpgpjs.org/>
* Provide the public key to our team at HackenProof.
* Once we receive the public key, we enable report encryption for the company and display a label indicating that encryption is in use.

For hackers, the process remains unchanged. They submit a report as they always would, specifying the data and files, which are then encrypted on their end before being sent to our backend.

### How to decrypt the report

When a company receives an encrypted report it can be:

* **decrypted on the platform** by using the appropriate private key (we don't store private keys so the company has to specify it every time to review the report)

<figure><img src="https://2686245090-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Faou7mxABOvrk0uZ81vUx%2Fuploads%2FUzUWC5LQJ8HjVG3cwEXN%2Fimage.png?alt=media&#x26;token=63020dda-b62b-4185-b386-a0b9f7500fab" alt=""><figcaption><p>Decrypt encrypted report at the platform</p></figcaption></figure>

* or the report can **be downloaded and decrypted locally** using the private key. You can use one of these tools to decrypt the report:
  * <https://webencrypt.org/openpgpjs/>
  * <https://openpgpjs.org/>

### How to share the encrypted report

Read here how [to share a report with the Viewer](https://docs.hackenproof.com/dashboard/company-dashboard/share-report). Once you have added Viewers to your program, you can start sharing encrypted reports with them, but before that you will need to:

* Provide your private key to decrypt the encrypted report
* Specify the public key of the Viewer so that the Viewer can decrypt the report
* As a result, the Viewer will get the encrypted report and will need their own private key to decrypt the shared report

<mark style="background-color:purple;">Note: if your report was initially encrypted, you can't share it with Viewers without re-encryption.</mark>
