Have a look at the pic above. Seems Familiar?
Now, who would not have seen this thing?? Tap for more info! But have you ever done that? Actually tapped I mean? To save you the hard work, this concerns WhatsApp encryption (they call it end to end encryption).
“Our WhatsApp messages are end to end encrypted by using “The Signal Protocol” to prevent any kind of phishing illegit in between two nodes.”
Now what the heck was that?? Too tacky… wasn’t it? Mind explaining for a layman like me??
OK! So, that is what we are going to do out here. Break the so-called “WhatsApp encryption” bit by bit (yea! am a CS nerd😉) and get to know all we need to know about this amazing feature of our favorite app!
But before we get to the whole melodrama, let’s do something interesting. Let’s…
Verify your End to End encryption Keys
If you say this seems new to you ( other than the top Greens of WhatsApp ), seriously man, you need to hype up your curiosity level. This is my key for WhatsApp encryption between me and Sid! ( What is a Key? a little later on that).
Anyways, follow me, but only after you have got your friend by your side with his phone!
Just hit any contact’s info (the I button when you see someone’s display picture) and you get to see the word Encryption just below “Custom notifications”. Click on it and you get to see a QR code screen with some numbers like the one above! Do the same thing on the phone of the guy with whom you plan to verify the keys and get to the same screen.
Scan your phone’s QR code using the SCAN CODE button at the bottom right of your friend’s phone and Voila!!
Did you just get a big green tick on your screen? (Too much of Green, isn’t it!) If yes, then messages between you and your friend are encrypted. (Again, what is that? Just keep reading!)
(Wondering what kind of name Matru is🤔🤔?? Me too…that’s my roomie BTW!)
Anyways, just so you know, you could also have simply compared that 60-number code below the QR. That is actually the Encryption Key!
That being done, let’s get to know what we actually did out here…
WhatsApp Encryption – What and Why?
Just imagine, you just sent the id and password for your internet banking account to your friend to transfer some funds while you are aboard a train and a so-called Good Signal is the last thing you are getting. Don’t we do that very often?
So, this message of yours goes to WhatsApp servers before it reaches your friend. There are a lot of chances that some stranger sitting out there, on the lookout for a term like PASSWORD, can simply view this message and unfortunately, not everyone is a saint like me😉. You are doomed for sure🙄.
So, to avoid such a situation the basic idea is to change the text you have sent to something gibberish as soon as it leaves your phone and somehow make a sense out of it again once it reaches the phone of the intended friend. Let any Stranger read your Id and password, all he gets is gibberish, and really a lot of it!! On your face stranger🤓😝.
This is what we call Encryption – changing message to gibberish!
And what your friend’s phone does (the other way round) is Decryption – changing gibberish to message!
WhatsApp Encryption – How?
Disclaimer – Man, it’s gonna get intense now!😟😟 Too too too technical. Am gonna try to go as easy on you as possible. If you do get the whole thing with all tech jargon, KUDOS TO AJEET!!😎😎
According to this official White Research Paper from Facebook – here – (Click only if you ever actually get to understand a research paper – at your own risk. Not my glass of lassi!).
Anyways, back to our thing! According to this official source, these guys use the so-called “The Signal Protocol”, designed by Open Whisper Systems, to carry out this WhatsApp encryption. This was started in early April of 2016. Yea! Before that, we used to send messages without any security and any stranger could have seen that password of yours😏.
After getting over with this history class, let’s answer the question of HOW?
To convert “Kakkar Sisters Rock!” to $3ash#jkfda8jlda ( any gibberish ) and then back to “Kakkar Sisters Rock!” ( Yea! am all about music)
It’s time I just get you acquainted with some keywords out here…
- KEY – just some random numbers (in our case it’s the set of those 60 numbers you saw below the QR code)
- PUBLIC KEY – everyone knows this – you, your friend, WhatsApp guys, that stranger
- PRIVATE KEY – only your friend knows it (I mean his WhatsApp app’s coding on his phone)
Just about nothing. But do get your grey matter!
(Have a look at this and observe. If you are using a smartphone, it’s gotta be too small for your eyes (damn my compression tool😡😡), so open it in a new tab, zoom and look at it, then only move forward.)
STEP 1: We use an algorithm (a simple logic which I won’t discuss out here, not becoz you won’t get it, just becoz I also didn’t get it😉😉) and do some calculations on each letter of “Kakkar Sisters Rock!” using our PUBLIC KEY.
STEP 2: We get $3ash#jkfda8jlda as the result of step 1. It is to be noted that the message is still on your phone only. The algorithm works in such a way that the result can only be made sense of if the PRIVATE KEY is used.
STEP 3: Now, $3ash#jkfda8jlda leaves your phone, travels through WhatsApp servers and lands at your friend’s phone with those double ticks.
STEP 4: The algorithm uses the PRIVATE KEY stored on your friend’s phone, does some calculations on each letter of $3ash#jkfda8jlda and converts it back to “Kakkar Sisters Rock!“.
STEP 5: Those grey ones get converted to Blue ones (u know what i mean😉)
The stranger in between gets a $3ash#jkfda8jlda. Once again on your face stranger😝😝!
Jokes apart, the trick out here is that the PRIVATE KEY is not known to anyone and that is the only way the message can be read properly. So, it’s only your friend who gets to know that “Kakkar Sisters Rock!“.
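Here is STEP 1 to STEP 4 as a runnable toy, added as an example and not taken from WhatsApp or the Signal Protocol (which works differently). It assumes textbook RSA as a stand-in for the unnamed algorithm, uses fixed demo primes, and treats the whole message as one number instead of going letter by letter.

```python
# Toy walk-through of STEP 1 to STEP 4 using textbook RSA.
# Illustration only: fixed primes, no padding, not the Signal Protocol.

P = 2**89 - 1    # known Mersenne prime (constructed demo value)
Q = 2**107 - 1   # known Mersenne prime (constructed demo value)
E = 65537        # public exponent


def make_keys(p=P, q=Q, e=E):
    """Return (public_key, private_key) generated on the friend's phone."""
    n = p * q
    d = pow(e, -1, (p - 1) * (q - 1))  # modular inverse, needs Python 3.8+
    return (n, e), (n, d)


def encrypt(message: str, public_key) -> int:
    """STEP 1-2: the sender turns text into a number using the PUBLIC KEY."""
    n, e = public_key
    m = int.from_bytes(message.encode("utf-8"), "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)


def decrypt(ciphertext: int, private_key) -> str:
    """STEP 4: the receiver undoes it with the PRIVATE KEY."""
    n, d = private_key
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big").decode("utf-8")


def demo():
    """Return what travels through the server and what the friend reads."""
    public_key, private_key = make_keys()
    on_the_wire = encrypt("Kakkar Sisters Rock!", public_key)  # STEP 3
    return on_the_wire, decrypt(on_the_wire, private_key)


if __name__ == "__main__":
    wire, text = demo()
    print("stranger sees:", hex(wire))
    print("friend reads :", text)
```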
Kakkar Sisters Rock! Now isn’t this becoming too much of it. BTW they are Neha and Sonu, just in case you are wondering who these sisters are🙃.
If you are one of those who do get all this technical terminology, I recommend you read this fabsome post by Sid, wherein you get to know steps 1 and 3 in perfect detail. Click out here.
If you are a smart student (like me obviously😎), you must have got this doubt. If I am using a public key and my friend uses a private one, how come the keys we just verified above are exactly the same on both the ends? For this, the official WhatsApp FAQ page says that these are…
Well, I will quote the exact words-
“Security codes are just visible versions of the special key shared between you – and don’t worry, it’s not the actual key itself, that’s always kept secret.”
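One way two phones can end up showing the same 60 digits without either private key leaving its phone is to compute the code from the two public keys, which both sides already have. The sketch below is an added example, not WhatsApp's code: the hashing scheme, `ROUNDS`, the user identifiers and the key bytes are all assumptions constructed for illustration.

```python
import hashlib

ROUNDS = 1000  # assumption: illustrative work factor, not WhatsApp's parameter


def fingerprint(public_key: bytes, user_id: str) -> str:
    """30 decimal digits derived from one user's PUBLIC key and identifier."""
    digest = public_key + user_id.encode("utf-8")
    for _ in range(ROUNDS):
        digest = hashlib.sha512(digest + public_key).digest()
    # Six 5-byte chunks, each reduced to one 5-digit group.
    groups = (int.from_bytes(digest[i:i + 5], "big") % 100000
              for i in range(0, 30, 5))
    return "".join(f"{g:05d}" for g in groups)


def security_code(my_key, my_id, their_key, their_id) -> str:
    """60 digits; sorting the two halves makes both phones print the same string."""
    halves = sorted([fingerprint(my_key, my_id),
                     fingerprint(their_key, their_id)])
    return "".join(halves)


def pretty(code: str) -> str:
    """Format as groups of 5 digits for side-by-side comparison."""
    return " ".join(code[i:i + 5] for i in range(0, len(code), 5))


# Constructed stand-ins for the two phones' public keys (not real key material).
AJEET_PUB = hashlib.sha256(b"constructed public key: ajeet").digest()
SID_PUB = hashlib.sha256(b"constructed public key: sid").digest()
OTHER_PUB = hashlib.sha256(b"constructed public key: someone else").digest()


def compare_screens():
    """Return (codes match, match survives a swapped key, code as displayed)."""
    on_ajeet = security_code(AJEET_PUB, "ajeet", SID_PUB, "sid")
    on_sid = security_code(SID_PUB, "sid", AJEET_PUB, "ajeet")
    # If Ajeet's phone had been given a different key for "sid", his code changes,
    # which is exactly what comparing the digits is meant to catch.
    on_ajeet_swapped = security_code(AJEET_PUB, "ajeet", OTHER_PUB, "sid")
    return on_ajeet == on_sid, on_ajeet_swapped == on_sid, pretty(on_ajeet)


if __name__ == "__main__":
    print(compare_screens())
```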
Got more doubts?? Put them in the comments section and we will try to break them down together!
(Just be subtle on me😉). Till then…