E2E report encryption
This guide describes how to encrypt and decrypt reports
Last updated
End-to-end (E2E) encryption is an optional feature at HackenProof and is turned off by default. It is built on PGP encryption.
Enabling end-to-end encryption on HackenProof is simple and optional, yet it provides a strong layer of security.
End-to-end (E2E) encryption is intended to prevent data from being read or modified by anyone but the sender (hacker) and recipient (company). The reports are encrypted by the sender (hacker) and decrypted by the recipient (company) locally on their device. Any cloud storage providers or other third parties that transmit or store the data between the sender and recipient handle the data as they normally would.
At HackenProof, end-to-end encryption covers a broad range of data: text (the report body) and multiple file formats.
File encryption covers bmp, gif, jpeg, png, pdf, mpeg, mp4, mov, csv, txt, zip, sol, rs, md, ts and more.
To initiate report encryption, a company has to:
generate its own PGP keypair, which consists of a public key and a private key. You can use one of these resources for key generation:
then provide the public key to our team at HackenProof.
Once we receive the public key, we enable report encryption for the company and display a label indicating that encryption is in use.
For hackers, the process remains unchanged. They submit a report as they always would, specifying the data and files, which are then encrypted on their end before being sent to our backend.
When a company receives an encrypted report, it can be:
decrypted on the platform using the appropriate private key (we don't store private keys, so the company has to specify it every time it reviews the report)
or downloaded and decrypted locally using the private key. You can use one of these tools to decrypt the report:
Read here how to share a report with the Viewer. Once you add Viewers to your program, you can start sharing encrypted reports with them, but before that you will need:
Your private key to decrypt the encrypted report
and the public key of the Viewer who will decrypt the report
As a result, the Viewer receives the encrypted report and needs their own private key to decrypt the shared report.
Note: if your report was initially encrypted, you can't share it with Viewers without re-encryption.
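The flow described in this guide (key generation, encryption to the company's public key, local decryption, re-encryption for a Viewer), as an added example that is not HackenProof's own code. It assumes GnuPG 2.1+ as the local tool and that reports are standard OpenPGP messages; every key, address and file name is constructed for the demo.

```shell
# Constructed demo (added example): throwaway keys, made-up addresses and
# report text. Assumes GnuPG 2.1+ and standard OpenPGP messages.
# gpg on keyring directory $1, which stands in for one party's machine.
# The empty passphrase exists only so the demo runs unattended.
g() {
    home=$1; shift
    gpg --homedir "$home" --batch --quiet --yes --pinentry-mode loopback \
        --passphrase '' --trust-model always "$@"
}

# Create keyring $1 with a keypair for user id $2; export the public key to $3.
make_keys() {
    mkdir -m 700 "$1" &&
    g "$1" --quick-generate-key "$2" default default never &&
    g "$1" --armor --export "$2" > "$3"
}

# From keyring $1, import public key file $2 and encrypt $4 to user id $3 as $5.
encrypt_for() {
    g "$1" --import "$2" && g "$1" --armor -r "$3" -o "$5" --encrypt "$4"
}

# The guide's flow in directory $1; returns 0 only if every step holds.
flow() {
    T=$1; C=company@example.test; V=viewer@example.test
    mkdir -m 700 "$T/sender" && printf 'constructed report body\n' > "$T/report.txt"
    # Company and Viewer each create a keypair; only public keys are shared.
    make_keys "$T/company" "$C" "$T/company.pub" &&
    make_keys "$T/viewer" "$V" "$T/viewer.pub" &&
    # Sender side: the report is encrypted to the company's public key.
    encrypt_for "$T/sender" "$T/company.pub" "$C" "$T/report.txt" "$T/report.asc" &&
    # The company decrypts locally with its private key.
    g "$T/company" -o "$T/plain.txt" --decrypt "$T/report.asc" &&
    cmp -s "$T/report.txt" "$T/plain.txt" || return 1
    # The Viewer's key cannot open the original ciphertext ...
    if g "$T/viewer" --decrypt "$T/report.asc" >/dev/null 2>&1; then return 1; fi
    # ... so the company re-encrypts the plaintext to the Viewer's public key.
    encrypt_for "$T/company" "$T/viewer.pub" "$V" "$T/plain.txt" "$T/shared.asc" &&
    g "$T/viewer" -o "$T/viewer.txt" --decrypt "$T/shared.asc" &&
    cmp -s "$T/report.txt" "$T/viewer.txt"
}

# Run the flow in a scratch directory, then stop the agents and delete it.
roundtrip() {
    T=$(mktemp -d) || return 1
    flow "$T"; rc=$?
    for p in company viewer; do gpgconf --homedir "$T/$p" --kill gpg-agent 2>/dev/null; done
    rm -rf "$T"; return "$rc"
}
```

Source the file and call `roundtrip`; it returns 0 only when the company and the Viewer each recover the original text and the Viewer's key fails on the ciphertext that was encrypted for the company.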