Did you run gpg yourself to generate the key pair, then exchange pub keys with your chat partner? Or did Facebook generate the keys for you from within a closed source application?
Huh, but WhatsApp’s server only stores public keys (to route messages). The server cannot decrypt the message because it lacks the private key, which is stored locally on your phone? WhatsApp uses the Signal Protocol (developed by Signal Messenger), which is considered the gold standard for E2EE. This protocol ensures that keys are temporary and regularly refreshed.
Each user (and each device) has a unique key pair (public and private key). The recipient’s public key is used to encrypt messages. Only the recipient’s private key can decrypt them. The private keys (required to decrypt messages) remain locally on your device. WhatsApp’s servers do not have access to your private key. However, public keys (which are not sensitive) are stored on the server to route messages.
Only you and the recipient can read the messages. WhatsApp (and Meta/Facebook) cannot read the content of your messages if they are properly encrypted. This applies to text, images, videos, voice messages, and calls (including group chats).
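The key-distribution model described in the reply above, as an added illustration written for this thread (not code from WhatsApp or Signal): a directory that only ever receives public keys, key pairs generated on the device, and decryption that fails for anyone holding a different private key. It uses Go's standard-library X25519 and AES-256-GCM as a simplified stand-in for the Signal Protocol's key agreement and ratchet; the names Directory, Register, sharedAEAD, Encrypt and Decrypt are invented for the example, and whoever runs Register is the party that ends up holding the private key.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
)
type Directory map[string][]byte // models the server: public keys only, keyed by user name
// check panics on error to keep the example short; real code returns errors.
func check(err error) { if err != nil { panic(err) } }

// Register generates the key pair on the device and uploads only the public half.
func Register(dir Directory, user string) *ecdh.PrivateKey {
	priv, err := ecdh.X25519().GenerateKey(rand.Reader)
	check(err)
	dir[user] = priv.PublicKey().Bytes() // the private key stays with the caller
	return priv
}

// sharedAEAD runs X25519 between priv and a peer's public key bytes, then derives
// AES-256-GCM from the result (a simplified stand-in for HKDF and the ratchet).
func sharedAEAD(priv *ecdh.PrivateKey, peer []byte) cipher.AEAD {
	pub, err := ecdh.X25519().NewPublicKey(peer)
	check(err)
	shared, err := priv.ECDH(pub)
	check(err)
	key := sha256.Sum256(shared)
	block, err := aes.NewCipher(key[:])
	check(err)
	aead, err := cipher.NewGCM(block)
	check(err)
	return aead
}

// Encrypt seals msg to a recipient using only the public key the directory holds.
// Wire format: ephemeral public key (32) || nonce (12) || GCM ciphertext.
func Encrypt(dir Directory, to string, msg []byte) []byte {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader) // fresh key pair per message
	check(err)
	nonce := make([]byte, 12)
	_, err = rand.Read(nonce)
	check(err)
	return sharedAEAD(eph, dir[to]).Seal(append(eph.PublicKey().Bytes(), nonce...), nonce, msg, nil)
}

// Decrypt needs the recipient's private key, which the directory never received.
func Decrypt(priv *ecdh.PrivateKey, blob []byte) ([]byte, error) {
	return sharedAEAD(priv, blob[:32]).Open(nil, blob[32:44], blob[44:], nil)
}
```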
WhatsApp’s code is not public. The app generates the private keys. The app has to have access to the private keys to decrypt your messages. Because the code is not public, no one has any idea if Meta has ad hoc, on-demand access to the private key, or if they upload the private key to their servers.
If WhatsApp were open-source like Signal, we wouldn’t be having this conversation. Until then, and based on Meta’s known business practices, it’s safe to assume they have access to WhatsApp private keys.