crypto/README.md

+# Fp311Online Cryptography Setup
+
+## Introduction 
+
+The connection between client and server is encrypted using common cryptographic protocols.
+
+As this is communication between two custom applications and not a general-purpose webbrowser and a general-purpose server, and the client will only ever connect to the servers operated by a single organization (the university) instead of any server anywhere on the internet, the usual system of certificates signed by publicly trusted certificate authorities is bypassed.
+
+Instead, self-signed certificates are used and the common library of client and server collects all those self-signed certificates that the client will trust.
+The server has to use one of the certificates that the client trusts.
+
+## Development Certificates
+
+For the purpose of developing and tesing the application, the certificate `devel.pem` is added here.
+The corresponding private key is not kept private but intentionally added to the server repository.
+
+The CMake option `-DENABLE_DEVEL_CERTIFICATES` controls whether this certificate is trusted by a client.
+
+:warning: Never enable this on builds used for production!
+
+## Production Certificates
+
+To be added later...