[seabass]

To someone new to crypto, how do companies like WhatsApp implement their end-to-end encryption? Where are keys generated and how are they persisted in a way that allows messages to be re-read no matter what device users are running the app from but doesn't allow governments any chance at access to the keys?

[gjkood]

If you want to do the heavy lifting in understanding Cryptography, almost all the relevant documentation can be found at the following resource.

http://csrc.nist.gov/publications/PubsFIPS.html

A lot of the hard (math heavy) stuff used in modern cryptography has been published almost a couple of decades ago and good books are available on Amazon. I usually just buy them used as you get very good deals for books that have been published several years ago.

I would recommend Bruce Schneier's 'Applied Cryptography, Protocols, Algorithms and Source Code in C'. I was surprised to see the 20th Anniversary Edition is out now.

https://www.amazon.com/Applied-Cryptography-Protocols-Algori...

The math involved uses a lot of number theory (prime numbers, prime factorization, modulo computations, chinese remainder theorem, elliptic curves, etc)

Once you get a basic understanding of the math, you will find out why it is hard to find the keys (if properly generated) through brute force computer attacks.

[eosrei]

Whatsapp recently implemented the Signal encryption protocol used in Signal, a FOSS messaging app: https://whispersystems.org/blog/whatsapp-complete/ Source is here: https://github.com/WhisperSystems/Signal-Android

[shliachtx]

WhatsApp in particular only allows you to receive messages on one device. WhatsApp web accesses the messages from your phone.