WhatsApp can be forced to decrypt WhatsApp Google Drive backups by state surveillance

The AES-GCM-256 key is stored and generated by WhatsApp server and is sent to the client. When a user signs in to new device, it retrieves the key from the server and decrypts the backup. That key is then reused again to encrypt daily chat backups. WhatsApp service might rotate the key for the client after some period of time. If the user doesn’t want to restore the backup, then the new key is generated by the server. If you delete the key, new key is generated and sent to the client when you reopen the app.

Older keys are still kept on server in case you want to decrypt older chat backups.

Here’s the filtered logs of whatsapp.log file when the client decrypts the backup. Information about each log is in comments

Whereas, Signal encrypts the backup with AES-CTR-256 key derived from the randomly generated pasword with 250,000 rounds of SHA-512. User is required to save this password.


Leave a Reply

Your email address will not be published. Required fields are marked *

Back to top button