WhatsApp has started rolling out its new end-to-end encrypted back-ups feature for users starting with the latest version of the platform.

“While end-to-end encrypted messages you send and receive are stored on your device, many people also want a way to back-up their chats in case they lose their phone,” the messaging platform announced in a blog post.

“We are making available an extra, optional layer of security to protect back-ups stored on Google Drive or iCloud with end-to-end encryption,” it said.

With this, users can now secure their end-to-end encrypted back-up with either a password of their choice or a 64-digit encryption key.

“Neither WhatsApp nor your back-up service provider will be able to read your back-ups or access the key required to unlock it,” it said.

The feature will be rolled out slowly to those with the latest version of WhatsApp.

“We will be taking it slowly – we know how important back-ups are to people and we need to get it right – but we are working hard to get this option out to everyone as soon as possible,” WhatsApp head Will Cathcart wrote on Twitter.

Users can enable end-to-end encrypted back-ups from Settings. In Settings, they can go to Chats > Chat Backup > End-to-end encrypted backup.

There, they will have to tap on Continue, then follow the prompts to create a password or a key and tap ‘Done’.

Users will then have to wait for WhatsApp to prepare their end-to-end encrypted back-up. They can also turn off end-to-end encrypted backup from Settings.

Users must note that they will not be able to restore their back-up if they lose their WhatsApp chats and forget their password or key. “WhatsApp can’t reset your password or restore your back-up for you,” it said.

The Facebook-owned messaging platform had launched the feature in beta. It had first introduced the feature last month.

“We are adding another layer of privacy and security to WhatsApp: an end-to-end encryption option for the back-ups people choose to store in Google Drive or iCloud,” Facebook CEO Mark Zuckerberg had said in a statement.

“WhatsApp is the first global messaging service at this scale to offer end-to-end encrypted messaging and back-ups, and getting there was a really hard technical challenge that required an entirely new framework for key storage and cloud storage across operating systems,” Zuckerberg had added.

How it works

If users choose to enable end-to-end encrypted (E2EE) back-ups once available, neither WhatsApp nor the backup service provider will be able to access their backup or their backup encryption key, the company explained in a post.

“With E2EE back-ups enabled, back-ups will be encrypted with a unique, randomly generated encryption key. People can choose to secure the key manually or with a user password,” it explained.

If a user opts for a password to secure the key, the key will be stored in a Backup Key Vault that is built on a component called a hardware security module (HSM).

Account owners can access their encrypted backup with the key when needed or they can use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup.

“The HSM-based Backup Key Vault will be responsible for enforcing password verification attempts and rendering the key permanently inaccessible after a limited number of unsuccessful attempts to access it,” it said.

WhatsApp will know only that a key exists in the HSM. It will not know the key itself, it further clarified.

While storing a key in the vault, the client connections and client-server authentication will be managed by WhatsApp’s front-end service, ChatD.

When encryption is enabled, the back-ups will be generated as a continuous stream of data that is encrypted using symmetric encryption with the generated key. Once encrypted, a back-up can then be stored off device (e.g., to iCloud or Google Drive).

In order to retrieve the back-up, users will enter their password, which is encrypted and then verified by the Backup Key Vault.

Once the password is verified, the Backup Key Vault will send the encryption key back to the WhatsApp client. Once the key is received, the WhatsApp client can then decrypt the backups.

Alternatively, if an account owner has chosen to use the 64-digit key alone, they will have to manually enter the key themselves to decrypt and access their back-ups.
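The password path described above, with its limit on verification attempts, can be modelled in a few lines. This is an added example, not WhatsApp's code or protocol: the class and method names, the PBKDF2 verifier, the default limit of 10 and the reset-on-success behaviour are all assumptions, since the article says only "a limited number of unsuccessful attempts".

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 10  # assumption: the article gives no number


class BackupKeyVault:
    """Toy model of the vault's attempt limiting (not WhatsApp's protocol)."""

    def __init__(self, max_attempts=MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self._records = {}  # account -> record held inside the "HSM"

    @staticmethod
    def _verifier(password, salt):
        # Assumption: a salted PBKDF2 verifier stands in for the real check.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def store(self, account, password, backup_key):
        salt = secrets.token_bytes(16)
        self._records[account] = {
            "salt": salt,
            "verifier": self._verifier(password, salt),
            "key": backup_key,
            "failures": 0,
        }

    def retrieve(self, account, password):
        """Return the key, None on a wrong password, or raise once destroyed."""
        rec = self._records.get(account)
        if rec is None or rec["key"] is None:
            raise LookupError("no retrievable key for this account")
        candidate = self._verifier(password, rec["salt"])
        if hmac.compare_digest(candidate, rec["verifier"]):
            rec["failures"] = 0  # assumption: success resets the counter
            return rec["key"]
        rec["failures"] += 1
        if rec["failures"] >= self.max_attempts:
            # Limit reached: wipe the key so no later guess can succeed.
            rec["key"] = rec["verifier"] = None
        return None


if __name__ == "__main__":
    vault = BackupKeyVault(max_attempts=3)
    vault.store("alice", "constructed-password", secrets.token_bytes(32))
    print([vault.retrieve("alice", guess) for guess in ("a", "b", "c")])
```

Because the backup key is random and the failure counter lives in the vault, a copy of the encrypted back-up taken from cloud storage gives no way to test password guesses offline. The same property is why a forgotten password cannot be recovered once the limit is reached.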
