Facebook explains how WhatsApp’s end-to-end encrypted backups work
Facebook-owned WhatsApp has offered end-to-end encrypted messaging for quite a while now, though that additional security hasn’t applied to backups in the past. It doesn’t apply to media either, and you’re reliant on the encryption services offered by the cloud provider that you back up to. Those cloud providers can also decrypt them should the need ever arise, and for the privacy-conscious, that’s obviously less than ideal.
How WhatsApp’s end-to-end encrypted backups work
Generating encryption keys and passwords
Facebook says that it has developed an entirely new system for encryption key storage that works across both iOS and Android. Backups are encrypted with a unique, random key, and the key can either be stored manually or with a password. Should the user want to store it with a password, they can access the hardware-security-module-based Backup Key Vault to retrieve their encryption key and decrypt the backup. This vault is responsible for enforcing password verification attempts and rendering the key permanently inaccessible after a number of unsuccessful attempts to access it. This prevents brute-force attacks, and WhatsApp won’t ever know the key.
WhatsApp makes use of a front-end service called ChatD, which handles client connections and client-server authentication. It will implement a protocol that sends backup keys to and from WhatsApp’s servers, and the client and key vault exchange encrypted messages. Backups are generated as a continuous stream of data that is encrypted symmetrically — i.e., the key used to encrypt it can also be used to decrypt it. Once encrypted, the backups can be stored anywhere off-site, including on Google Drive or iCloud.
Facebook says that to help cope with the number of users that rely on WhatsApp, the key vault service will be geographically distributed across multiple data centers in the case of an outage. Facebook also released a pair of graphics that show how end-to-end encryption works when using a key to decrypt your backup, or when using a user password to decrypt it.
The encryption and decryption process when using a password
If the account owner uses a password to access their backup, then it will work via the following process to retrieve the key from the key vault.
- They enter their password, which is encrypted and then verified by the Backup Key Vault.
- Once the password is verified, the Backup Key Vault will send the encryption key back to the WhatsApp client.
- With the key in hand, the WhatsApp client can then decrypt the backups.
If the 64-bit key alone is what’s being used, then the user will need to manually save and enter the key themselves.