Which key is used in WhatsApp encryption?

Poster: STANCOBRIDGE | Date: 12:09am, 4th Mar 2018. | Views: 98 | 1 Replies
Page 1 of 1
STANCOBRIDGE. Jalingo, Taraba
12:09am, 4th Mar 2018.

learnt and then cracked cryptography problems in CTFs

WhatsApp primarily uses Diffie-Hellman Key Exchange (the methods they use employ it). Some sprinkling of AES, hash functions on top of it, and boom! There you have your end-to-end encryption.

Well, let's think about it intuitively. You have a key, which is shared only among you and your contact. The message is encrypted and decrypted using that key.

This is precisely what happens in Diffie-Hellman Key Exchange. Since the key is shared only with you and your friend, WhatsApp server doesn't have to care about your keys (I doubt their servers, but ok that's something for another day).

You can read more about it on their white paper. [1]


On the other hand, Quora has to care about the key, because it has to share information with you and millions of other people, and it's hard to have one key for each guy, encrypt and decrypt this answer on both ends. This is where RSA comes into play.[2]


Gurasees Singh

B.Tech Computer Science & Cryptography, Punjab Engineering College,Chandigarh (2020)

Until recently, whatapp used to backup its messages in an SQLite3 database and used to store it in the whatsapp folder of your phone.With an increasing public awareness related to data privacy, whatsapp introduced an encryption algorithm named CRYPT12 which is used to encrypt its SQLite database.

The CRYPT12 algorithm is based on Advance encryption standards(AES) having a key size of 256 bits and block size of 128 bits.

Let me further explain the working of AES-256.

Unlike Data Encryption Standard(DES), AES is a sub-permutation network.

The input is XORed with a round key k1. Then, we go through a substitution layer where the blocks of current state are replaced by another block which is based on values of S-box. The result then undergoes through a permutation. This process continues till kn after which we get the output.Now, this complete process is invertible, unlike DES.

Anand Mishra

Founder at Allsafe Cybersecurity®

Please Refer this given link for better understanding:

WhatsApp servers do not have access to the private keys of WhatsApp users, and WhatsApp users have the option to verify keys in order to ensure the integrity of their communication. The Signal Protocol library used by

WhatsApp is Open Source, available here: signalapp/libsignal-protocol-java

Sai Gokula Krishnan

studied at Bharatiya Vidya Bhavan, Coimbatore

Whatsapp uses E2E Encryption, that is END 2 END ENCRYPTION.

In simple words, no one can view or sniff your WhatsApp messages except you as a sender and receiver.

Page 1 of 1
Write A Comment

Attachment: (jpg, gif, png)

Comment Box is loading comments...