WhatsApp has announced that it will be implementing end-to-end encryption for backup communications for its users.
WhatsApp has already enabled end-to-end encryption (E2EE) for messages between sender and recipient; now, it will apply this to its users’ chat history. This was previously saved via cloud-based services, but if the user chooses E2EE backups, neither WhatsApp nor the backup service provider will access their backup or backup encryption key.
WhatsApp developers have devised a new approach for encryption key storage that works with both iOS and Android to enable E2EE backups. When enabled, backups will be secured with a unique, randomly generated encryption key, giving the user the option of securing the key manually or with a user password. When a password is chosen, the key is saved in a Backup Key Vault, constructed on a component known as a hardware security module (HSM).
The HSM-based Backup Key vault enforces password verification attempts and makes the key permanently inaccessible after a certain number of failed attempts. WhatsApp will be aware that a key exists in the HSM but will not be aware of the key itself.
To gain access to the backup, you must complete the following:
• Enter your password, which will be encrypted and validated by the Backup Key vault.
• After verifying the password, the Backup Key Vault will send the encryption key back to the WhatsApp client.
• Once the key is obtained, the WhatsApp client can decrypt the backups.
In the coming weeks, E2EE backups will be available on iOS and Android. If you want to learn more about this, go here.