Summary Update.

RelayServer/Services/Crypto/E2EeHelper.cs

@@ -3,6 +3,26 @@ using System.Text;
 
 namespace RelayServer.Services.Crypto;
 
+/// <summary>
+/// Hybrid RSA-2048 + AES-GCM-256 encryption. Used for any payload that needs to be
+/// readable by exactly one party (the holder of a specific RSA private key).
+///
+///   Encrypt:
+///     1. Generate a fresh 256-bit AES key and 96-bit nonce.
+///     2. Encrypt the plaintext with AES-GCM → CipherText + Tag (auth tag, 128-bit).
+///     3. Encrypt the AES key with the recipient's RSA public key (OAEP-SHA256).
+///     4. Return all four as base64 strings in an EncryptedPayload.
+///
+///   Decrypt: reverse — RSA-decrypt the AES key, then AES-GCM-decrypt the ciphertext.
+///
+/// Why hybrid: RSA can only encrypt small inputs (~190 bytes for 2048-bit OAEP-SHA256).
+/// Wrapping a symmetric key with RSA lets us encrypt arbitrarily large payloads while
+/// still using the recipient's RSA keypair as the access mechanism. This is the same
+/// design as PGP, TLS handshakes, etc.
+///
+/// The identical implementation exists in RelayClient.Crypto.E2EeHelper — they're
+/// mirrored on both ends so any payload encrypted on one side decrypts on the other.
+/// </summary>
 public static class E2EeHelper
 {
     public static (string publicKey, string privateKey) GenerateRsaKeyPair()