How WhatsApp is enabling end-to-end encrypted backups

In order to protect the privacy of people’s messages, WhatsApp has offered end-to-end encryption as standard for years, so that messages can only be seen by the sender and recipient and no one in between. Now we plan to give people the option to protect their WhatsApp backups with end-to-end encryption as well.

Users can already back up their WhatsApp message history via cloud-based services such as Google Drive and iCloud. WhatsApp has no access to these backups and they are backed up by the individual cloud-based storage services.

But now, if people choose to enable end-to-end encrypted (E2EE) backups once they are available, neither WhatsApp nor the backup service provider will be able to access their backup or their backup encryption key.

This is how E2EE backups work

Generating encryption keys and passwords

To enable E2EE backups, we developed a completely new encryption key storage system that works with both iOS and Android. When E2EE backups are enabled, backups are encrypted with a unique, randomly generated encryption key. Users can secure the key manually or with a user password. When someone chooses a password, the key is stored in a Backup Key Vault built on a component called a hardware security module (HSM): specialized, secure hardware that can be used to securely store encryption keys. If the account holder needs access to their backup, they can access it with their encryption key or use their personal password to retrieve their encryption key from the HSM-based Backup Key Vault and decrypt their backup.

The HSM-based Backup Key Vault is responsible for enforcing the limit on password verification attempts and for making the key permanently inaccessible after a limited number of unsuccessful access attempts. These security measures protect against brute-force attempts to obtain the key. WhatsApp only knows that there is a key in the HSM. It won’t know the key itself.

Storing the key in the Backup Key Vault

WhatsApp’s front-end service, ChatD, handles client connections and client-server authentication, and implements a protocol that transfers the backup keys to and from the WhatsApp servers. The client and the HSM-based Backup Key Vault exchange encrypted messages, the content of which is not accessible to ChatD itself.

The HSM-based Backup Key Vault sits behind ChatD and offers highly available and secure storage for the backup encryption keys. The backups themselves are generated as a continuous data stream that is encrypted using symmetric encryption with the generated key. If E2EE backups are enabled, a backup can be stored outside the device after encryption (e.g. on iCloud or Google Drive).

WhatsApp serves over 2 billion people, and one of the core challenges of this product was to ensure that the HSM-based Backup Key Vault was working reliably. To ensure that the system is always available, the HSM-based Backup Key Vault service is geographically distributed across multiple data centers to keep it operational in the event of a data center failure.

Backups can be encrypted end-to-end with a 64-digit encryption key.

Backups can also be secured with a password. In this case, the encryption key is stored in the HSM-based Backup Key Vault.

The HSM-based Backup Key Vault and the encryption and decryption process

If the account holder uses a personal password to protect their end-to-end encrypted backup, the key is registered with the HSM-based Backup Key Vault, which stores and secures it.

When someone wants to get their backup:

  1. They enter their password, which is encrypted and then verified by the Backup Key Vault.
  2. Once the password has been verified, the Backup Key Vault will send the encryption key back to the WhatsApp client.
  3. With the key in hand, the WhatsApp client can then decrypt the backups.

Alternatively, if an account holder has chosen to use the 64-digit key alone, they must manually enter the key themselves in order to decrypt and access their backups.
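
A simplified model of the password path described above, added here as an illustration; it is not WhatsApp's code or protocol. The class name, the attempt limit of 5, the scrypt-based verifier, the counter reset on success, and the reading of the 64-digit key as 32 random bytes in hexadecimal are assumptions, and the encrypted channel between client and HSM is not modelled.

```python
import hashlib
import hmac
import secrets

MAX_ATTEMPTS = 5  # assumed limit; the article does not state the real number


class BackupKeyVault:
    """Toy stand-in for the HSM-based Backup Key Vault (hypothetical model)."""

    def __init__(self, max_attempts=MAX_ATTEMPTS):
        self.max_attempts = max_attempts
        self._records = {}  # account id -> record held "inside the HSM"

    @staticmethod
    def _verifier(password, salt):
        # Memory-hard KDF so a stored verifier is expensive to guess offline.
        return hashlib.scrypt(password.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

    def register(self, account, password, backup_key):
        salt = secrets.token_bytes(16)
        self._records[account] = {
            "salt": salt,
            "verifier": self._verifier(password, salt),
            "key": backup_key,
            "failures": 0,
        }

    def retrieve(self, account, password):
        rec = self._records.get(account)
        if rec is None or rec["key"] is None:
            raise PermissionError("key permanently inaccessible")
        guess = self._verifier(password, rec["salt"])
        if hmac.compare_digest(guess, rec["verifier"]):  # constant-time compare
            rec["failures"] = 0  # assumption: a success resets the counter
            return rec["key"]
        rec["failures"] += 1
        if rec["failures"] >= self.max_attempts:
            # Destroy key material: a later correct password cannot recover it.
            rec["key"] = rec["verifier"] = None
        raise ValueError("wrong password")


def new_backup_key():
    """Random 256-bit key; its hex form is a 64-digit string."""
    return secrets.token_bytes(32)
```

Because the counter and the key live together inside the vault, an attacker who controls the front-end service still cannot get more guesses than the limit allows.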

E2EE backups will be available for iOS and Android in the coming weeks. See the whitepaper on End-to-End Encrypted Backups to learn more about the technical details.
