What Does "Encrypted Message" Mean? A Plain-Language Explanation
Table of Contents
What "Encrypted Message" Actually Means
An encrypted message is one that has been mathematically scrambled so that only the intended recipient can read it. The scrambling is done by an algorithm (cipher) using a key — only someone with the correct key can unscramble it.
When you see "end-to-end encrypted" on WhatsApp, Signal, or iMessage:
- Your message is encrypted on your device before being sent
- It travels encrypted through the internet
- It's only decrypted on the recipient's device
- Not even WhatsApp/Apple/the carrier can read it in transit
When you send a regular SMS text:
- Your message is sent in plaintext (or lightly encrypted in transit to the carrier)
- Your carrier can read it
- Law enforcement can request it
- If intercepted on the network, it's readable
What Lock Icons and Encryption Symbols in Messaging Apps Mean
WhatsApp and iMessage lock icon: The padlock icon next to messages indicates end-to-end encryption is active for that conversation.
Gmail: "Encrypted message" notification: If you receive an encrypted email, Gmail may show it wrapped in a secure message portal. The sender used an encryption service (like Barracuda, Microsoft OME, or Proofpoint) to protect the content. You'll need to authenticate to read it.
Outlook "Encrypt this message": Office 365 message encryption (OME) wraps the email in an encrypted container. Recipients outside your organization receive a link to view it through a portal.
SMS green vs blue bubbles (iPhone): Blue = iMessage (E2EE). Green = regular SMS (not E2EE). This is the same distinction many users know intuitively without knowing the technical reason.
RCS lock symbol on Android: RCS messages with a lock icon indicate RCS end-to-end encryption is active between both parties (requires both users on Google Messages with RCS enabled).
Sell Custom Apparel — We Handle Printing & Free ShippingApp Encryption vs Encrypting Your Own Messages
There's a key difference between your messaging app encrypting the transmission and you encrypting the content before sending:
App-level E2EE (WhatsApp, Signal, iMessage):
- Protects messages in transit between you and the recipient
- The platform cannot read messages while they travel
- Messages are decrypted on both your device and the recipient's device
- If either device is compromised or accessed with a backup, messages are readable
- The app can still read metadata (who you talk to, when, how often)
Pre-encrypting your own content (AES-256):
- The content is encrypted before it enters any app
- Even if someone accesses the message thread, they see ciphertext
- Even if the app or device is compromised, the specific content is protected
- Works on any channel — even non-encrypted ones like SMS or email
- Recipient needs the password to read it
Both are useful; they protect against different threat models.
When You Should Encrypt Text Before Sending It Yourself
You should pre-encrypt text when:
- You're sending sensitive information over a channel without E2EE (regular email, SMS, corporate Slack)
- You want the content protected even if the recipient's device is accessed
- You need to share something sensitive with someone who doesn't use the same app as you
- You want to store a sensitive note in a cloud location without trusting the cloud provider
- The message needs to remain secure regardless of what happens to the channel
You don't need to pre-encrypt when:
- You're communicating over Signal and both parties trust their devices
- The information isn't sensitive enough to warrant extra steps
- Both parties are on secure, E2EE channels and device security is strong
How to Send Your Own Encrypted Message in 3 Steps
- Write your message in any text editor or directly in the encryption tool
- Encrypt with AES-256-GCM — paste your text, set a password, click Encrypt. Get a cipher string.
- Send the cipher through any channel — email, SMS, Slack, WhatsApp. The channel doesn't matter; the cipher is unreadable without the password.
Share the password separately (phone call, in person, or a different channel). The recipient pastes the cipher into the Decrypt panel, enters the password, and reads your message.
This works across any app, any platform, any device. No special software required on the recipient's end — just a browser.
Send Your Own Encrypted Message — Free, Any Channel
AES-256-GCM in your browser. Encrypt your message, share the cipher anywhere, recipient decrypts with the password. No app required.
Open Free Text Encryption ToolFrequently Asked Questions
What does "end-to-end encrypted" actually protect?
End-to-end encryption protects message content during transit — only the sender and recipient can read it. The platform facilitating the communication (WhatsApp, Signal) cannot read the messages. It does NOT protect against someone accessing your physical device, cloud backups (depending on settings), or metadata about who you communicate with.
Are regular text messages (SMS) encrypted?
SMS is weakly protected. Messages may be encrypted between your phone and the carrier tower, but the carrier can access them, they can be subpoenaed, and they were historically readable if intercepted on the network. SMS is not considered secure for sensitive information. Use iMessage, WhatsApp, or Signal for E2EE.
What happens if I receive an encrypted email I can't open?
You likely need to authenticate through a secure portal (Barracuda, Microsoft OME, or similar). The email body will contain a link and instructions. If you're the intended recipient, follow the link and verify your identity to access the decrypted content in a protected browser session.
Is WhatsApp's encryption actually secure?
WhatsApp uses the Signal Protocol for E2EE, which is considered cryptographically sound. However, WhatsApp backs up to Google Drive or iCloud by default (these backups are NOT E2EE unless you enable encrypted backup). The metadata (who you message, when, how often) is also accessible to Meta. The encryption is technically sound; the risk is in backups and metadata.