WhatsApp Encryption
First of all we all know whatsApp has built wonderful apps to stay in touch with our friends and family and we can share our wonderful moments on WhatsApp, that's why whatsapp has include the encryption in the app. This feature encrypt your all voice messages text messages videos and photos even voice calls.
WhatsApp encryption is available when you and the people you message use the app. Many other apps only encrypt between you and app company only, but WhatsApp end to end encryption ensures only you and the person you message nobody in between not even WhatsApp because your messages are secured with the lock and only the recipient and you have the special key needed to unlock and read the messages.
Now you wonder how all this works actually this works automatically no need to turn any settings to secure your messages. At registration time whatsApp client transmits its public identity key and one-time Pre-Keys to the server the WhatsApp server stores these keys associated with user's identifier. At no time WhatsApp server have access to any of the clients private key.
How Setup Works
To communicate with other whatsApp user a WhatsApp client first needs to establish an encrypted session. Once the session established client do not need to rebuild a new session with each other until the existing session state is lost through an external event such as an app re-install or device change. Once a session has been established user can exchange the messages right away.
Even though large attachments of any type ( video, audio, images or files ) are also end-to-end encrypted the sender uploads the encrypted attachment to a blob store. The sender transmits a normal encrypted message to the recipient that contains the encryption key and recipient decrypts the message, retrieves the encrypted blob from the blob Store.
WhatsApp voice and video calls are also end-to-end encrypted. When a WhatsApp user initiates a voice or video call the initiator builds an encrypted session with the recipient then initiator generates a random 32-byte SRTP master secret and initiator transmits an encrypted message to the recipient that signals an incoming call, and contains the SRTP encrypted call ensues.
WhatsApp users additionally have the option to verify the keys of the other users with whom they are communicating so that they are able to confirm that and unauthorized third party or WhatsApp has not initiated man in the middle attack.This can done by scanning QR code or by comparing 60-digit number.
The QR code contains:
1. A Version.
2. The user identifier for both parties.
3. The full 32-byte public identity key for both parties.
When either user scans the others QR code the keys are compared to ensure that what is the QR code matches the Identity key as retrieved from the server. The 60 digit number is computed by concatenating the two 30-digit numeric fingerprints for each users identity key. To calculate a 30-digit numeric fingerprint.
Conclusion:
Messages between WhatsApp users are protected with an end-to-end encryption all so that third parties and WhatsApp cannot read them and so that the messages can only be decrypted by the recipient. All types of whatsApp messages (including chats, group chats, images, videos, voice messages and files) and WhatsApp calls are protected by end to end encryption.
WhatsApp servers do not have access to the private keys of whatsApp users, and WhatsApp users have the option to verify keys in order to ensure the integrity of their communication.
I hope now you all have some idea how this all end-to-end encryption works.
If this article helps you in understanding what is encryption and how it works then please do share with your friends...
No comments:
Post a Comment