{"id":20224,"date":"2023-04-13T05:59:32","date_gmt":"2023-04-13T12:59:32","guid":{"rendered":"https:\/\/engineering.fb.com\/?p=20224"},"modified":"2025-11-20T09:11:50","modified_gmt":"2025-11-20T17:11:50","slug":"whatsapp-key-transparency","status":"publish","type":"post","link":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/","title":{"rendered":"Deploying key transparency at WhatsApp"},"content":{"rendered":"<ul>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">WhatsApp has launched a <a href=\"https:\/\/www.whatsapp.com\/security\/WhatsApp-Key-Transparency-Whitepaper.pdf\" target=\"_blank\" rel=\"noopener\">new cryptographic security feature<\/a> to automatically verify a secured connection based on key transparency.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The feature requires no additional actions or steps from users and helps ensure that a conversation is secure.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Key transparency solutions help strengthen the guarantee that end-to-end encryption provides to private, personal messaging applications in a transparent manner available to all.\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">We have published an open-source library called <\/span><a href=\"https:\/\/github.com\/facebook\/akd\/\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">Auditable Key Directory (AKD)<\/span><\/a><span style=\"font-weight: 400;\">. This enables anyone to verify audit proofs of the directory\u2019s correctness. This underpins our key transparency deployment.<\/span><\/li>\n<\/ul>\n<p><span style=\"font-weight: 400;\">End-to-end encryption is the foundation of private messaging on WhatsApp, helping to ensure that only you and the person you&#8217;re communicating with can read what&#8217;s sent, and nobody in between, not even WhatsApp. It is among the most widely used deployments of end-to-end encryption and relies on public key cryptography first developed in the 1970s. From a technical point of view, for end-to-end encryption to be trusted, the \u201cends\u201d of a conversation need to know that one another\u2019s encryption keys are authentic and valid.\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">To do so, our most security conscious users have always been able to take advantage of our <\/span><a href=\"https:\/\/faq.whatsapp.com\/820124435853543\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">security code verification feature<\/span><\/a><span style=\"font-weight: 400;\"> available under a user\u2019s contact info. When in person, keys can be validated with a quick QR code scan or, if remote, sharing the unique 60-digit code.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This is the one of the strongest ways of verifying if a connection is secure. But in reality we know that double checking a long code is cumbersome, and our team has been looking at ways to make this easier for some time.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">We\u2019re excited to introduce a new cryptographic security feature to automatically verify a secure connection without the need for this long code. To do so, we\u2019re building on key transparency by developing a new <\/span><span style=\"font-weight: 400;\">Auditable Key Directory (AKD)<\/span><span style=\"font-weight: 400;\">, which is based on an <\/span><a href=\"https:\/\/github.com\/facebook\/akd\" target=\"_blank\" rel=\"noopener\"><span style=\"font-weight: 400;\">open-sourced library<\/span><\/a><span style=\"font-weight: 400;\">. The AKD will enable WhatsApp clients to automatically validate that a user\u2019s encryption key is genuine and enables anyone to verify audit proofs of the directory\u2019s correctness.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Our approach to key transparency is two-pronged and introduces two new components: <\/span><span style=\"font-weight: 400;\">\u00a0<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The server (WhatsApp) maintains an append-only AKD of public keys mapped to user accounts.<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">A third-party audit record, wherein any change in the server directory is recorded in a publicly available, privacy-preserving audit record for anyone to verify.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">With these two additions, users can automatically verify their conversation security thanks to the WhatsApp directory. As this is rolled out, security-conscious users who utilize the verify security code page will notice this verification process occurs quickly and automatically.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This system is a new service provided by WhatsApp that relies on public auditing to verify the end-to-end encryption status of personal conversations. While this system provides easy and convenient verification tools to our users, those who wish to verify their end-to-end encrypted sessions without utilizing WhatsApp servers at all are encouraged to utilize the traditional security code verification process in addition to this new automated process.\u00a0\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The public keys are only a tool that users have to encrypt their messages. The private key \u2013 which is used to decrypt messages \u2013 is on user devices. Nobody \u2013 not even WhatsApp \u2013 has access to those private keys. A list of public keys alone cannot provide access to anyone\u2019s content.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">How the \u201cVerify Security Code\u201d page works<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">The crux of end-to-end encrypted messaging is public\/private key pairs. The private key is what you utilize to decrypt your messages sent from another party and never leaves your device. The public key, however, is what you give to others so they can encrypt messages. This is done by first giving the key to WhatsApp, where we store it on your behalf and give it to users who wish to message you.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">The classic concern that end-to-end encryption was designed to guard against is a person-in-the-middle attack where you <\/span><i><span style=\"font-weight: 400;\">think<\/span><\/i><span style=\"font-weight: 400;\"> you\u2019re talking to just one user; however, you\u2019re actually talking to a middle-man attacker, who provides an incorrect public key so that they hold the private key and can read your messages. The attacker may then use the correct public key for your contact, re-encrypt the message with it, and send it to the user. <\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\"><br \/>\n<\/span><span style=\"font-weight: 400;\">What stops this today? WhatsApp has a <\/span><i><span style=\"font-weight: 400;\">Security Page<\/span><\/i><span style=\"font-weight: 400;\"> for each contact that has a QR code and a 60-digit number that can be verified outside of WhatsApp to make sure it matches what your contact sees on their device. In short, it\u2019s a unique hash of both your public keys and their public keys, so if either of you have the wrong value, the hashes won\u2019t match. When they do match this confirms a secure, end-to-end encrypted conversation.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">What\u2019s the problem key transparency is fixing?<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">While providing a strong guarantee of security, the QR code scanning\/number matching feature requires communicating with your contacts outside of WhatsApp \u2013 whether it\u2019s over a video-call, in real-life, on the phone, etc. This is:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Difficult to do in 1:1 communications, especially as users change devices (and therefore encryption keys) over time;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Even harder in small groups, since each <\/span><i><span style=\"font-weight: 400;\">pair<\/span><\/i><span style=\"font-weight: 400;\"> of participants has a unique code (there are no \u201cgroup\u201d codes);\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Is near-impossible to perform in large groups. Every time someone joins or leaves, enrolls a new companion device, changes their phone, etc. this needs to be redone for all participants. For example, in a group of 100 people, that\u2019s 4950 pairs of security verifications.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">Ideally, this wouldn\u2019t be a manual process and could be verified through some kind of automated flow.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Enter <\/span><b>key<\/b> <strong>transparency<\/strong>: A <span style=\"font-weight: 400;\">protocol in which we establish an AKD on WhatsApp that maintains a record of public key changes. Additionally, we\u2019ve established a third-party public repository of auditable change logs to the directory that updates whenever there\u2019s additions to the directory. This is vital for transparency and to further strengthen our end-to-end encrypted guarantee. In effect, this confirms that the same public keys a user uses to contact a recipient are the same ones that everybody else also uses to communicate with the recipient.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Although key transparency does not substitute QR code scanning, it enhances and complements it in the following ways:<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">QR code scanning requires two people to coordinate out-of-band verification. In contrast, key transparency requires only a single client to initiate and perform a check against the directory, thus improving accessibility of the check process;<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Key transparency serves as a public key consistency mechanism when manual QR code verification is impractical (for example in large group communication scenario);\u00a0<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">It also serves as a lightweight first-check of end-to-end encryption, which improves adoption of end-to-end encryption checks to more users, benefiting messaging security at-large.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">In the event that the automatic check returns a result showing that the connection may not be secure, we recommend users proceed with the manual security verification check.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">The history of key transparency<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Key transparency describes a protocol in which the server maintains an append-only record of the mapping between a user\u2019s account and their public identity key. <\/span><span style=\"font-weight: 400;\">This allows the generation of <\/span><i><span style=\"font-weight: 400;\">inclusion<\/span><\/i><span style=\"font-weight: 400;\"> proofs to assert that a given mapping exists in the directory at the time of the most recent update.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">WhatsApp\u2019s realization of key transparency is based on the original academic works on key transparency, starting with <\/span><a href=\"https:\/\/eprint.iacr.org\/2014\/1004.pdf\"><span style=\"font-weight: 400;\">CONIKS<\/span><\/a><span style=\"font-weight: 400;\"> and <\/span><a href=\"https:\/\/eprint.iacr.org\/2018\/607.pdf\"><span style=\"font-weight: 400;\">SEEMless<\/span><\/a><span style=\"font-weight: 400;\">, with extensions from a recent paper called <\/span><a href=\"https:\/\/eprint.iacr.org\/2023\/081.pdf\"><span style=\"font-weight: 400;\">Parakeet<\/span><\/a><span style=\"font-weight: 400;\">. Together, this resulted in the Rust <\/span><a href=\"https:\/\/github.com\/facebook\/akd\/\"><span style=\"font-weight: 400;\">AKD<\/span><\/a><span style=\"font-weight: 400;\"> crate, which serves as the foundation for maintaining a key transparency solution along with generating inclusion and key history proofs from the directory. WhatsApp is hosting this AKD directory as an infrastructure available to all of our users.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Public keys cannot be used to decrypt a user\u2019s messages or determine who you\u2019ve been talking to. They are, however, necessary to make sure that someone is sending a message to the intended recipient by encrypting messages that only the holder of the public key\u2019s associated private key can read.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">A user may have many entries as they update their key over time. At WhatsApp\u2019s scale this equates to billions of entries continually growing over time. When a user deletes their account, we remove all of the public keys for that account, but the fact a key existed at a point in time is immutable (we just can\u2019t say what the key was).<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">How does key transparency work?<\/span><\/h2>\n<h3><span style=\"font-weight: 400;\">Security on principle<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">From a core design choice, multiple factors helped us decide to enhance the openness and security of this project. <\/span><a href=\"https:\/\/github.com\/facebook\/akd\"><span style=\"font-weight: 400;\">First off, the AKD, with all of its proof generation and verification logic, is open-source code.<\/span><\/a><span style=\"font-weight: 400;\"> This is a <a href=\"https:\/\/engineering.fb.com\/2021\/04\/29\/developer-tools\/rust\/\" target=\"_blank\" rel=\"noopener\">Rust<\/a>-based crate (library) for any entity that wants to manage an append-only directory with a publicly verifiable log or verify append-only audit proofs and participate as a public auditor of WhatsApp\u2019s key transparency solution. A list of public keys alone cannot provide access to anyone\u2019s content.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This library allows for the system to provide a significant guarantee on the correctness of the directory entries while not compromising security by being vulnerable to memory-based attacks. Additionally, we stuck with the decision to utilize Rust in most of the internal components outlined below.\u00a0<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">Applying AKD to WhatsApp<\/span><\/h2>\n<h3><span style=\"font-weight: 400;\">High-volume key changes\u00a0<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">WhatsApp deals with tens of thousands of key changes (registration, re-registration, etc.) per minute. This kind of volume is difficult to deal with when trying to insert into an append-only log.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Therefore, we decided to implement a distributed, high-throughput queue where \u201cpending changes\u201d live prior to being gathered together into a batch and inserted to form the next epoch. This allows us to do far larger batch inserts and greatly limits the number of database operations we need to make.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Since the changes to the AKD are additive based on the previous <\/span><i><span style=\"font-weight: 400;\">epoch<\/span><\/i><span style=\"font-weight: 400;\"> we need to make sure that only a single update occurs at a time. A single processor, sequentially handling each update one-by-one, wouldn\u2019t be able to keep up with the rate of changes within WhatsApp (no matter the database implementation). This adds some latency from the time a key is added or updated to when it\u2019s \u201cpublished\u201d in the directory.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">By batching keys together and making an <\/span><i><span style=\"font-weight: 400;\">epoch<\/span><\/i><span style=\"font-weight: 400;\"> a collection of changes committed atomically, we can benefit from a lot of query optimizations due to many shared paths in the Merkle Tree stored in the database. The frequency to publish and emit new <\/span><i><span style=\"font-weight: 400;\">epochs<\/span><\/i><span style=\"font-weight: 400;\"> is a tunable parameter that may be adjusted over time.<\/span><\/p>\n<h3><span style=\"font-weight: 400;\">Public auditing at scale<\/span><\/h3>\n<p><span style=\"font-weight: 400;\">The general requirement for all transparency solutions is to be <\/span><i><span style=\"font-weight: 400;\">publicly auditable<\/span><\/i><span style=\"font-weight: 400;\">, meaning that anyone, should they want to, can verify the transactions on the directory to assert that:\u00a0<\/span><\/p>\n<ol>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">The history hasn\u2019t been changed (existing records aren\u2019t deleted or updated).<\/span><\/li>\n<li style=\"font-weight: 400;\" aria-level=\"1\"><span style=\"font-weight: 400;\">Changes are append-only.<\/span><\/li>\n<\/ol>\n<p><span style=\"font-weight: 400;\">When publishing a new change to the AKD, we emit an audit proof of those changes that is put into public storage for anyone interested. These audit records guarantee the properties of immutable history for anyone to verify should they want to while preserving the privacy of all users in the directory.\u00a0<\/span><\/p>\n<p><span style=\"font-weight: 400;\">This does not risk anyone&#8217;s actual info from being public, nor does it reveal any patterns of behavior for any users. You can read more about how this privacy guarantee works as outlined in <\/span><a href=\"https:\/\/eprint.iacr.org\/2018\/607.pdf\"><span style=\"font-weight: 400;\">SEEMless<\/span><span style=\"font-weight: 400;\"> and<\/span><\/a> <a href=\"https:\/\/eprint.iacr.org\/2023\/081.pdf\"><span style=\"font-weight: 400;\">Parakeet<\/span><\/a><span style=\"font-weight: 400;\">, the academic works from which key transparency is based off.<\/span><\/p>\n<h2><span style=\"font-weight: 400;\">WhatsApp\u2019s key transparency rollout<\/span><\/h2>\n<p><span style=\"font-weight: 400;\">Key transparency solutions help strengthen the guarantee that end-to-end encryption provides to private personal messaging applications in a transparent manner available to all. This technology underpins WhatsApp commitment and leadership in the security domain.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">WhatsApp is already hosting and operating an AKD for all of our users, regardless of the version or platform of the application you\u2019re utilizing. Users who utilize the verify security code function will start to notice that the verification is automatic as this rolls out on Android in the coming months.* This is an important mechanism that empowers security-conscious users to verify an end-to-end encrypted personal conversation quickly.\u00a0<\/span><\/p>\n<h2>Read the whitepaper<\/h2>\n<p><span style=\"font-weight: 400;\">Read the <a href=\"https:\/\/www.whatsapp.com\/security\/WhatsApp-Key-Transparency-Whitepaper.pdf\" target=\"_blank\" rel=\"noopener\">WhatsApp Key Transparency Overview whitepaper<\/a> for a more technical deep-dive that goes through potential attacks, additional details on data-flows, and formats.<\/span><\/p>\n<p><small><em>*UPDATE: Key Transparency is now fully available on WhatsApp for Android and iOS.<\/em><\/small><\/p>\n","protected":false},"excerpt":{"rendered":"<p>WhatsApp has launched a new cryptographic security feature to automatically verify a secured connection based on key transparency.\u00a0 The feature requires no additional actions or steps from users and helps ensure that a conversation is secure.\u00a0 Key transparency solutions help strengthen the guarantee that end-to-end encryption provides to private, personal messaging applications in a transparent [&#8230;]<\/p>\n<p><a class=\"btn btn-secondary understrap-read-more-link\" href=\"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/\">Read More&#8230;<\/a><\/p>\n","protected":false},"author":51,"featured_media":20228,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[4,5,174,47],"tags":[1687],"coauthors":[1892,339],"class_list":["post-20224","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-android","category-ios","category-open-source","category-security","tag-whatsapp","fb_content_type-article"],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v19.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>Deploying key transparency at WhatsApp - Engineering at Meta<\/title>\n<meta name=\"description\" content=\"With key transparency, WhatsApp provides a set of proofs that affirms the correctness of public encryption keys.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sean Lawlor, Kevin Lewi\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"10 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/\"},\"author\":{\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/#author\",\"name\":\"\"},\"headline\":\"Deploying key transparency at WhatsApp\",\"datePublished\":\"2023-04-13T12:59:32+00:00\",\"dateModified\":\"2025-11-20T17:11:50+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/\"},\"wordCount\":2045,\"publisher\":{\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/engineering.fb.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/Eng-Blog-Self-Serve-Hero-Images-PRIVACY-101-TealeLight.jpg\",\"keywords\":[\"WhatsApp\"],\"articleSection\":[\"Android\",\"iOS\",\"Open Source\",\"Security &amp; Privacy\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/\",\"url\":\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/\",\"name\":\"Deploying key transparency at WhatsApp - Engineering at Meta\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/engineering.fb.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/Eng-Blog-Self-Serve-Hero-Images-PRIVACY-101-TealeLight.jpg\",\"datePublished\":\"2023-04-13T12:59:32+00:00\",\"dateModified\":\"2025-11-20T17:11:50+00:00\",\"description\":\"With key transparency, WhatsApp provides a set of proofs that affirms the correctness of public encryption keys.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/#primaryimage\",\"url\":\"https:\\\/\\\/engineering.fb.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/Eng-Blog-Self-Serve-Hero-Images-PRIVACY-101-TealeLight.jpg\",\"contentUrl\":\"https:\\\/\\\/engineering.fb.com\\\/wp-content\\\/uploads\\\/2023\\\/04\\\/Eng-Blog-Self-Serve-Hero-Images-PRIVACY-101-TealeLight.jpg\",\"width\":1920,\"height\":1080},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/2023\\\/04\\\/13\\\/security\\\/whatsapp-key-transparency\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/engineering.fb.com\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Deploying key transparency at WhatsApp\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/#website\",\"url\":\"https:\\\/\\\/engineering.fb.com\\\/\",\"name\":\"Engineering at Meta\",\"description\":\"Engineering at Meta Blog\",\"publisher\":{\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/engineering.fb.com\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/#organization\",\"name\":\"Meta\",\"url\":\"https:\\\/\\\/engineering.fb.com\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/engineering.fb.com\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/Meta_lockup_positive-primary_RGB.jpg\",\"contentUrl\":\"https:\\\/\\\/engineering.fb.com\\\/wp-content\\\/uploads\\\/2023\\\/08\\\/Meta_lockup_positive-primary_RGB.jpg\",\"width\":29011,\"height\":12501,\"caption\":\"Meta\"},\"image\":{\"@id\":\"https:\\\/\\\/engineering.fb.com\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/www.facebook.com\\\/Engineering\\\/\",\"https:\\\/\\\/x.com\\\/fb_engineering\"]},[]]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Deploying key transparency at WhatsApp - Engineering at Meta","description":"With key transparency, WhatsApp provides a set of proofs that affirms the correctness of public encryption keys.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/","twitter_misc":{"Written by":"Sean Lawlor, Kevin Lewi","Est. reading time":"10 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/#article","isPartOf":{"@id":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/"},"author":{"@id":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/#author","name":""},"headline":"Deploying key transparency at WhatsApp","datePublished":"2023-04-13T12:59:32+00:00","dateModified":"2025-11-20T17:11:50+00:00","mainEntityOfPage":{"@id":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/"},"wordCount":2045,"publisher":{"@id":"https:\/\/engineering.fb.com\/#organization"},"image":{"@id":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/#primaryimage"},"thumbnailUrl":"https:\/\/engineering.fb.com\/wp-content\/uploads\/2023\/04\/Eng-Blog-Self-Serve-Hero-Images-PRIVACY-101-TealeLight.jpg","keywords":["WhatsApp"],"articleSection":["Android","iOS","Open Source","Security &amp; Privacy"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/","url":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/","name":"Deploying key transparency at WhatsApp - Engineering at Meta","isPartOf":{"@id":"https:\/\/engineering.fb.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/#primaryimage"},"image":{"@id":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/#primaryimage"},"thumbnailUrl":"https:\/\/engineering.fb.com\/wp-content\/uploads\/2023\/04\/Eng-Blog-Self-Serve-Hero-Images-PRIVACY-101-TealeLight.jpg","datePublished":"2023-04-13T12:59:32+00:00","dateModified":"2025-11-20T17:11:50+00:00","description":"With key transparency, WhatsApp provides a set of proofs that affirms the correctness of public encryption keys.","breadcrumb":{"@id":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/#primaryimage","url":"https:\/\/engineering.fb.com\/wp-content\/uploads\/2023\/04\/Eng-Blog-Self-Serve-Hero-Images-PRIVACY-101-TealeLight.jpg","contentUrl":"https:\/\/engineering.fb.com\/wp-content\/uploads\/2023\/04\/Eng-Blog-Self-Serve-Hero-Images-PRIVACY-101-TealeLight.jpg","width":1920,"height":1080},{"@type":"BreadcrumbList","@id":"https:\/\/engineering.fb.com\/2023\/04\/13\/security\/whatsapp-key-transparency\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/engineering.fb.com\/"},{"@type":"ListItem","position":2,"name":"Deploying key transparency at WhatsApp"}]},{"@type":"WebSite","@id":"https:\/\/engineering.fb.com\/#website","url":"https:\/\/engineering.fb.com\/","name":"Engineering at Meta","description":"Engineering at Meta Blog","publisher":{"@id":"https:\/\/engineering.fb.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/engineering.fb.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/engineering.fb.com\/#organization","name":"Meta","url":"https:\/\/engineering.fb.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/engineering.fb.com\/#\/schema\/logo\/image\/","url":"https:\/\/engineering.fb.com\/wp-content\/uploads\/2023\/08\/Meta_lockup_positive-primary_RGB.jpg","contentUrl":"https:\/\/engineering.fb.com\/wp-content\/uploads\/2023\/08\/Meta_lockup_positive-primary_RGB.jpg","width":29011,"height":12501,"caption":"Meta"},"image":{"@id":"https:\/\/engineering.fb.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Engineering\/","https:\/\/x.com\/fb_engineering"]},[]]}},"jetpack_featured_media_url":"https:\/\/engineering.fb.com\/wp-content\/uploads\/2023\/04\/Eng-Blog-Self-Serve-Hero-Images-PRIVACY-101-TealeLight.jpg","jetpack_shortlink":"https:\/\/wp.me\/pa0Lhq-5gc","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/engineering.fb.com\/wp-json\/wp\/v2\/posts\/20224","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/engineering.fb.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/engineering.fb.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/engineering.fb.com\/wp-json\/wp\/v2\/users\/51"}],"replies":[{"embeddable":true,"href":"https:\/\/engineering.fb.com\/wp-json\/wp\/v2\/comments?post=20224"}],"version-history":[{"count":12,"href":"https:\/\/engineering.fb.com\/wp-json\/wp\/v2\/posts\/20224\/revisions"}],"predecessor-version":[{"id":23284,"href":"https:\/\/engineering.fb.com\/wp-json\/wp\/v2\/posts\/20224\/revisions\/23284"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/engineering.fb.com\/wp-json\/wp\/v2\/media\/20228"}],"wp:attachment":[{"href":"https:\/\/engineering.fb.com\/wp-json\/wp\/v2\/media?parent=20224"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/engineering.fb.com\/wp-json\/wp\/v2\/categories?post=20224"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/engineering.fb.com\/wp-json\/wp\/v2\/tags?post=20224"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/engineering.fb.com\/wp-json\/wp\/v2\/coauthors?post=20224"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}