WhatsApp recently announced that it will soon roll out end-to-end encrypted cloud backups on Android and iOS. This will keep your chats encrypted even when they are stored on a cloud service as part of a WhatsApp backup. The app has offered end-to-end encrypted messaging to its users since 2016, and this is an expansion of that feature.
🎉 WhatsApp is the leading global messaging service to offer *both* end-to-end encrypted messaging and backups on iCloud or Google Drive. 🎉
So you can make sure that bestie’s voice messages and mum’s secret recipe will be safely stored in a place only you can access.
— WhatsApp (@WhatsApp) September 10, 2021
The end-to-end encrypted backups feature will be rolled out to both Android and iOS devices in the coming weeks. It will be an optional feature that users can enable manually inside the app. Here we take a look at how the end-to-end encrypted backups feature will work and how you can enable it when it is made available.
How will end-to-end encrypted backups work?
Facebook said in a blog post that it has developed a new system for encryption key storage for Android and iOS. Once the user turns on the feature, their backups will be encrypted with a unique, randomly generated encryption key. They can opt to secure the key manually or with a user password.
The company states that if a user opts for a password, the key will be stored in a Backup Key Vault that is built on a component called a hardware security module (HSM).
Whenever an account owner needs access to their backup, they can access it with their encryption key, or they can use their personal password to retrieve their encryption key from the Backup Key Vault and decrypt their backup.
To counter brute-force attempts, the HSM-based Backup Key Vault will render a key permanently inaccessible after a limited number of unsuccessful attempts to access it. WhatsApp has said that it will only know that a key exists; it will not know the key itself.
How will WhatsApp store encryption keys in the Backup Key Vault?
WhatsApp will use its front-end service, ChatD, to handle client connections and client-server authentication, and will implement a protocol that sends the backup keys to and from its servers. During this exchange, the user’s smartphone and the HSM-based Backup Key Vault will exchange encrypted messages. The company states that the messages exchanged between the client’s phone and its servers will not be accessible to ChatD.
To manage encryption keys properly and to ensure that they are available at all times, the HSM-based Backup Key Vault service will be geographically distributed across multiple data centres, according to the company. This will help keep the backup keys available in case of a data centre outage.
HSM-based Backup Key Vault and the encryption and decryption process
Once a user chooses to protect their end-to-end encrypted backup with a personal password, their key will be sent to the HSM-based Backup Key Vault, which will store and safeguard it.
To retrieve a key, a user would have to follow the given steps:
- Enter the password, which will be verified by the Backup Key Vault.
- The Backup Key Vault will then send the encryption key back to the user’s smartphone.
- Using the smartphone, the user can then decrypt their end-to-end encrypted backups.
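The retrieval steps above, together with the attempt limit described earlier, can be modelled in a short program. This is an added example, not WhatsApp's code or protocol: the class and method names, the scrypt password check and the limit of 10 attempts are assumptions, and a real HSM enforces the counter in tamper-resistant hardware rather than in application memory.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 10  # assumed; the article only says "a limited number"

class KeyDestroyed(Exception):
    """Raised once the record has been wiped (or never existed)."""

class BackupKeyVault:
    """Toy in-memory stand-in for the HSM-based vault described above."""

    def __init__(self):
        self._records = {}

    @staticmethod
    def _verifier(password, salt):
        # Slow salted hash, so the vault never holds the password itself.
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

    def store(self, account, password, backup_key):
        salt = secrets.token_bytes(16)
        self._records[account] = {"salt": salt, "key": backup_key, "failures": 0,
                                  "verifier": self._verifier(password, salt)}

    def retrieve(self, account, password):
        rec = self._records.get(account)
        if rec is None:
            raise KeyDestroyed(account)
        guess = self._verifier(password, rec["salt"])
        if hmac.compare_digest(guess, rec["verifier"]):
            rec["failures"] = 0  # a correct password resets the counter
            return rec["key"]
        rec["failures"] += 1
        if rec["failures"] >= MAX_ATTEMPTS:
            del self._records[account]  # permanent: no key left to guess at
            raise KeyDestroyed(account)
        return None

def demo():
    vault, key = BackupKeyVault(), secrets.token_bytes(32)  # random backup key
    vault.store("alice", "correct horse", key)  # constructed sample account
    recovered = vault.retrieve("alice", "correct horse") == key
    misses = [vault.retrieve("alice", f"guess-{i}") for i in range(MAX_ATTEMPTS - 1)]
    try:
        vault.retrieve("alice", "guess-final")
    except KeyDestroyed:
        return recovered, misses, True
    return recovered, misses, False
```

Once the record is wiped, even the correct password no longer returns the key, which is the property that defeats offline-style guessing against the vault.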
The post WhatsApp to soon roll out end-to-end encrypted backups to Android, iOS appeared first on BGR India.