Summary Update.

RelayServer/Services/Chat/ChannelCryptoService.cs

@@ -3,6 +3,25 @@ using System.Text;
 
 namespace RelayServer.Services.Chat;
 
+/// <summary>
+/// AES-GCM-256 only (no RSA). Used exclusively for "at-rest" encryption of channel messages
+/// in the SurrealDB channel_messages table.
+///
+/// Why a separate service from E2EeHelper:
+///   - E2EeHelper is for *transit* between a specific sender and a specific recipient — it
+///     wraps an ephemeral AES key with the recipient's RSA public key.
+///   - ChannelCryptoService is for *storage* — the server is both the encryptor and the
+///     decryptor, and it stores the symmetric channel key in server_encryption_keys.KeyBase64.
+///     There's no recipient to wrap for.
+///
+/// Server flow for a chat message:
+///   incoming SocketEncryptedMessage  (encrypted with server's RSA public key, by client)
+///     → E2EeHelper.DecryptForRecipient(serverPrivateKey) → plaintext
+///     → ChannelCryptoService.Encrypt(channelDbKey)       → stored ciphertext
+///     → … later, on history fetch …
+///     → ChannelCryptoService.Decrypt(channelDbKey)       → plaintext
+///     → E2EeHelper.EncryptForRecipient(clientPublicKey)  → delivered ciphertext
+/// </summary>
 public sealed class ChannelCryptoService
 {
     public string GenerateKey()