
E2E report encryption

This guide describes how to encrypt and decrypt reports


Last updated 10 months ago

End-to-end (E2E) encryption is an optional feature at HackenProof and is turned off by default. It is built on PGP encryption.

End-to-end encryption

Enabling end-to-end encryption on HackenProof is optional and simple, yet it provides a strong layer of security.

End-to-end (E2E) encryption is intended to prevent data from being read or modified by anyone but the sender (hacker) and recipient (company). The reports are encrypted by the sender (hacker) and decrypted by the recipient (company) locally on their device. Any cloud storage providers or other third parties that transmit or store the data between the sender and recipient handle the data as they normally would.

What can be encrypted?

At HackenProof, our end-to-end encryption service extends to a broad range of data, encompassing text (report body) and multiple file formats.

File encryption covers bmp, gif, jpeg, png, pdf, mpeg, mp4, mov, csv, txt, zip, sol, rs, md, ts and more.

How to turn on E2E encryption

To initiate report encryption, a company has to:

  • generate its own PGP keypair, which consists of a public key and a private key. You can use one of these resources for key generation: https://webencrypt.org/openpgpjs/ or https://openpgpjs.org/

  • then provide a public key to our team at HackenProof.

  • Once we receive the public key, we enable report encryption for the company and display a label indicating that encryption is in use.
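
A pre-send check for the "provide a public key" step above, added here as an illustration (it is not HackenProof's or OpenPGP.js's code): it parses an ASCII-armored block per RFC 4880, verifies the CRC-24 armor checksum, and confirms the first packet is a public key (tag 6) rather than a secret key (tag 5). The function names and sample blocks are constructed for this example; the samples hold only packet header bytes, not usable keys.

```javascript
// Added example (Node.js, no dependencies): check an armored key block before sharing it.
const CRC24_INIT = 0xb704ce, CRC24_POLY = 0x1864cfb;

// CRC-24 used by the OpenPGP ASCII armor checksum line (RFC 4880, section 6.1).
function crc24(buf) {
  let crc = CRC24_INIT;
  for (const byte of buf) {
    crc ^= byte << 16;
    for (let i = 0; i < 8; i++) {
      crc <<= 1;
      if (crc & 0x1000000) crc ^= CRC24_POLY;
    }
  }
  return crc & 0xffffff;
}

// Parse one armored block and report its label, checksum status and first packet tag.
function inspectArmoredKey(text) {
  const lines = text.trim().split(/\r?\n/).map((l) => l.trim());
  const begin = /^-----BEGIN PGP (.+)-----$/.exec(lines[0] || "");
  if (!begin) throw new Error("not an ASCII-armored OpenPGP block");
  const end = lines.indexOf(`-----END PGP ${begin[1]}-----`);
  if (end < 0) throw new Error("missing or mismatched END line");
  const blank = lines.indexOf(""); // armor headers end at the first blank line
  const body = lines.slice(blank >= 0 && blank < end ? blank + 1 : 1, end);
  const sum = body.length && body[body.length - 1].startsWith("=") ? body.pop() : null;
  const data = Buffer.from(body.join(""), "base64");
  if (data.length === 0 || !(data[0] & 0x80)) throw new Error("no OpenPGP packet found");
  // New-format headers keep the tag in bits 5-0, old-format headers in bits 5-2.
  const tag = data[0] & 0x40 ? data[0] & 0x3f : (data[0] >> 2) & 0x0f;
  const crcOk = sum === null ? null
    : Buffer.from(sum.slice(1), "base64").readUIntBE(0, 3) === crc24(data);
  const isPublic = begin[1] === "PUBLIC KEY BLOCK" && tag === 6; // 6 = public, 5 = secret
  return { label: begin[1], tag, crcOk, safeToShare: isPublic && crcOk !== false };
}

// Build a constructed sample block from raw packet bytes (illustration only).
function armor(label, bytes) {
  const data = Buffer.from(bytes);
  const crc = Buffer.alloc(3);
  crc.writeUIntBE(crc24(data), 0, 3);
  return [`-----BEGIN PGP ${label}-----`, "", data.toString("base64"),
    "=" + crc.toString("base64"), `-----END PGP ${label}-----`].join("\n");
}

const publicSample = armor("PUBLIC KEY BLOCK", [0xc6, 0x01, 0x04]);     // new-format tag 6
const secretSample = armor("PRIVATE KEY BLOCK", [0xc5, 0x01, 0x04]);    // new-format tag 5
const mislabeledSample = armor("PUBLIC KEY BLOCK", [0x94, 0x01, 0x04]); // old-format tag 5
for (const s of [publicSample, secretSample, mislabeledSample]) console.log(inspectArmoredKey(s));
```

Only a block reported as `safeToShare: true` should be sent; a `PRIVATE KEY BLOCK` label or a tag 5 first packet means the private half was exported by mistake.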

For hackers, the process remains unchanged. They submit a report as they always would, specifying data & files which are then encrypted on their end before they go to our backend.

How to decrypt the report

When a company receives an encrypted report, it can be:

  • decrypted on the platform by using the appropriate private key (we don't store private keys, so the company has to specify it every time to review the report)

  • or downloaded and decrypted locally using the private key. You can use one of these tools to decrypt the report: https://webencrypt.org/openpgpjs/ or https://openpgpjs.org/

How to share the encrypted report

Read here on how to share a report with the Viewer. Then, when you add viewers to your program, you can start sharing encrypted reports with Viewers, but before that, you will need:

  • your private key to decrypt the encrypted report

  • and to specify the public key of the Viewer, so that the Viewer can decrypt the report

  • As a result, the Viewer will get the encrypted report and will need their own private key to decrypt the shared report.

Note: if your report was initially encrypted, you can't share it with Viewers without re-encryption.