WhatsApp, the communications app used across the globe, is implementing end-to-end encrypted chat backups for users, meaning more security for your conversations, as well as a place to store and retrieve conversations in a secure fashion.
Facebook’s engineering staff wrote a detailed post on how this works for WhatsApp, and honestly, it’s all above my head. The process for users is easy, even though behind the scenes there is a complex and worldwide system put in place to enable its operation. First, a user will enable E2EE backups, which generates an encryption key. At that point, you’ll be served a 64-digit representation of that key. With key in hand, you’ll then create your backup and encrypt it, with the backup then being stored in the cloud (Google Drive or iCloud).
If you need your backup, you’ll use your 64-digit key, which will retrieve the backup from the cloud, and once the key is validated, the backup of your chat history will be restored on your device.
As I know this may interest a few of you, I’ll post the breakdown of how keys and passwords are generated, as even I found it a bit intriguing.
To enable E2EE backups, we developed an entirely new system for encryption key storage that works with both iOS and Android. With E2EE backups enabled, backups will be encrypted with a unique, randomly generated encryption key. People can choose to secure the key manually or with a user password. When someone opts for a password, the key is stored in a Backup Key Vault that is built based on a component called a hardware security module (HSM) — specialized, secure hardware that can be used to securely store encryption keys. When the account owner needs access to their backup, they can access it with their encryption key, or they can use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup.
The HSM-based Backup Key Vault will be responsible for enforcing password verification attempts and rendering the key permanently inaccessible after a minimal number of unsuccessful attempts to access it. These security measures provide protection against brute-force attempts to retrieve the key. WhatsApp will know only that a key exists in the HSM. It will not know the key itself.
That’s pretty sweet, right?
WhatsApp on both Android and iOS will receive this feature in the “coming weeks.”