Violet
Glossary

End-to-end encryption, defined

Published 2026-07-04 · updated 2026-07-04

End-to-end encryption means content is encrypted on the sender's device and can only be decrypted on an authorized recipient's device, so no server in between can read it. The keys exist only at the ends. This is different from HTTPS, which protects data in transit but lets the server read everything on arrival.

The three places encryption can live

Encryption protects data in three different places, and the differences decide who can read your content. The table below compares the three architectures factually: what each protects, and who holds the keys.

ArchitectureWhat it protectsWho holds the keysCan the provider read content?
Encryption in transit (TLS/HTTPS)Data moving over the networkYour device and the server, per connectionYes, after it arrives
Encryption at restData sitting on the provider's disksThe providerYes, at any time
End-to-end encryptionContent everywhere outside your devicesOnly your devicesNo, only the envelope and its metadata

What the provider still sees

End-to-end encryption is a claim about content, not about everything. A provider running an end-to-end encrypted sync service still sees metadata: which account is syncing, when, and roughly how much. Honest products state this plainly. The claim worth testing is narrower and stronger: the provider cannot read what is inside the envelopes, not as a policy but as a property of the design.

In Violet

Violet, currently pre-launch, seals your content on your device under an AES-256-GCM key derived from your passphrase. Each stored record is an envelope of exactly two fields, a nonce and ciphertext, and the sealing and opening functions run only on the client, never on the server. AES-GCM is authenticated encryption, so a wrong key or any tampering with the envelope makes decryption fail loudly instead of returning garbage.

Definitions

end-to-end encryption
An arrangement where content is encrypted on the sender's device and decrypted only on an authorized endpoint, with the keys held exclusively at those endpoints, so no intermediate server can read the content.
ciphertext
The unreadable output of encryption. Without the key, ciphertext reveals nothing useful about the original content; with the key, it decrypts back to the original.
plaintext
The original readable data before encryption, or after successful decryption.
envelope
A stored encrypted record: the ciphertext plus the non-secret values needed to decrypt it later, such as a nonce. In Violet, an envelope is exactly a nonce and ciphertext.
authenticated encryption
Encryption that also proves integrity: decryption fails outright if the ciphertext was tampered with or the wrong key is used. AES-GCM is a widely used authenticated encryption mode.

Questions

Does HTTPS mean my messages are end-to-end encrypted?

No. HTTPS (TLS) encrypts data between your device and the server, which stops eavesdropping on the network. But the server decrypts everything on arrival and can read it all. End-to-end encryption additionally encrypts the content itself under keys the server never has, so the server stores only ciphertext.

What is a locked envelope in Violet?

It is the record Violet's server stores when cloud sync is on: a nonce plus ciphertext, produced on your device under a key derived from your passphrase. The server can store and return the envelope, but it cannot open it, because the key never leaves your devices.

Related pages

Sources