The connection between the browser and the phone is fully qualified TLS: authentication and PFS included. WhatsApp Web authenticates towards the phone using the initially generated keypair (thus relying on the trust established earlier). The messages you send and receive are synced between your phone and computer, and you can see your messages on both devices. With this action, you will be logged out from all the active sessions of your WhatsApp Web, hence stopping someone from using your WhatsApp Web. Go to WhatsApp Web, where you can see WhatsApp Web active sessions with the last active time. When WhatsApp Web is to be used, a TLS connection to the phone is established (probably proxied by WhatsApp to overcome firewall and NAT issues). WhatsApp Web and Desktop are computer-based extensions of the WhatsApp account on your phone. Open WhatsApp on your phone and tap on the three vertical dots. WhatsApp is free and offers simple, secure, reliable messaging and calling, available on phones all over the world. This establishes trust between phone and browser installation: the fact that the user scanned the QR code implies that the user trusts the browser. WhatsApp Messenger: More than 2 billion people in over 180 countries use WhatsApp to stay in touch with friends and family, anytime and anywhere. Scanning the QR code exchanges the fingerprint of the said keypair's public key. When first opening WhatsApp Web, a key pair for asymmetric encryption/signing is generated (and stored in the local storage of the browser). I don't know details about the protocol, but this is what I suspect (or how I would implement it): The messages you send through WhatsApp Web are encrypted by the web client, decrypted by the phone, then re-encrypted to fit the end-to-end scheme and then sent to the recipient. Correct: The web client is establishing a secure connection to the phone.