Solun · Learn

End-to-End Encryption Basics

Understand how end-to-end encryption works in the browser and what it protects.

End-to-end encryption means only the sender and recipient can read the content.

In Solun secure mode, the browser generates the key and keeps it out of the server.

Key generation and storage

The browser uses Web Crypto to create a random AES-256-GCM key.

That key is placed in the URL fragment, which never leaves the browser during HTTP requests.

What the server stores

The server only receives ciphertext and metadata like size, chunk order, and expiration.

Without the fragment, the server cannot decrypt the data even if storage is accessed.

Integrity and authenticity

AES-GCM provides integrity checks so tampering is detected during decryption.

However, a forwarded link still grants access, so link handling remains critical.

Limitations

End-to-end encryption does not protect against device compromise or screenshots.

Pair secure mode with short TTLs and burn-after-read when content is highly sensitive.

Related guides

Secure Paste SharingSecure File SharingPrivate Link SharingThreat Model for Private Sharing
Back to Solun