WhatsApp has announced that they will be rolling out end-to-end encryption for its user’s backup messages.
WhatsApp has already provided end-to-end encryption (E2EE) for its messages between sender and recipient, this time will be applying this to its user’s chat history. This was previously saved via cloud-based services, but if the user opts for the E2EE backups, neither WhatsApp nor the backup service provider will be able to access their backup or their backup encryption key.
To enable the E2EE backups, WhatsApp developers have created a new system for encryption key storage that works with both iOS and Android. When enabled, the backups will be encrypted with a unique, randomly generated encryption key—allowing its user to choose between manually securing the key or with a user password. When opted for the password, the key is stored in a Backup Key Vault that is built based on a component called hardware security module (HSM).
The HSM-based Backup Key vault is responsible for enforcing password verification attempts and rendering the key permanently inaccessible after a limited number of unsuccessful attempts to access it. WhatsApp will know that a key exists in the HSM, but it will not know the key itself.
If you want to access the backup, you must do the following:
• Enter your password, which is encrypted and then verified by the Backup Key vault.
• Once the password is verified, the Backup Key Vault will send the encryption key back to the WhatsApp client.
• With the key in hand, the WhatsApp client can then decrypt the backups.
E2EE backups will be available on iOS and Android in the coming weeks. If you want to find out more about this, click here.
Source: WhatsApp