by sigmar 1161 days ago
Just tested myself and you're right. Seems like very bad behavior. Someone with temporary access to your phone could set up whatsapp-web to transfer the key to a PC they control, then remove whatsapp web so there's no longer any devices listed in "linked devices," and still maintain a copy of the key. Doesn't seem like doing this forces any change in device keys.

edit: Maybe I'm missing something in how the web device is provisioned (maybe treating it like a group chat with multiple keys?), but I don't see how it could decrypt messages intended for my phone without just getting a copy of the key


It’s not a copy of the key, it’s a separate key.

If it is a different key, wouldn't there be a "keys have changed" notification in my friend's chat window when I add a new whatsapp-web login? If the keys haven't changed whatsapp-web must be capable of decryption of messages meant for my device, no?

edit: Is there documentation somewhere? Makes no sense to me that my friend is encrypting with the same public key (before, during, and after whatsapp-web is provisioned), but somehow it is decrypted on a new device with a different key

Your primary key vouches for that secondary key. Therefore, the “keys have changed” dialog doesn’t pop up because the new key’s legitimacy is verified.

AH, I see. Found it described pg 5-9 here too https://www.whatsapp.com/security/WhatsApp-Security-Whitepap...
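
The vouching relationship described in the replies above, as an added Go example that is not part of the thread and is not WhatsApp's code. It is a simplified model that assumes Ed25519 signatures; the names `LinkedDevice`, `Vouch`, `Contact` and `Check` are hypothetical, and the actual protocol in the whitepaper has more steps.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// LinkedDevice is a hypothetical record handed to senders: the companion's
// own public key plus the primary identity key's signature over it.
// (Simplified: a real protocol would also bind context into the signed data.)
type LinkedDevice struct {
	DeviceKey ed25519.PublicKey
	Vouch     []byte
}

// Vouch signs a companion device key with the primary identity key.
func Vouch(primary ed25519.PrivateKey, device ed25519.PublicKey) LinkedDevice {
	return LinkedDevice{DeviceKey: device, Vouch: ed25519.Sign(primary, device)}
}

// Contact is the sender's view of a friend: one pinned identity key.
type Contact struct{ Pinned ed25519.PublicKey }

// Check returns the device keys the sender will encrypt to, and whether a
// "keys have changed" notice is due. The notice depends only on the identity
// key, so a correctly vouched new device is accepted without one.
func (c Contact) Check(identity ed25519.PublicKey, devs []LinkedDevice) (accepted []ed25519.PublicKey, warn bool) {
	warn = !bytes.Equal(c.Pinned, identity)
	for _, d := range devs {
		if ed25519.Verify(c.Pinned, d.DeviceKey, d.Vouch) {
			accepted = append(accepted, d.DeviceKey)
		}
	}
	return accepted, warn
}

func main() {
	// Constructed sample keys: a phone, a linked web client, an unrelated key.
	phonePub, phonePriv, _ := ed25519.GenerateKey(nil)
	webPub, _, _ := ed25519.GenerateKey(nil)
	roguePub, roguePriv, _ := ed25519.GenerateKey(nil)
	friend := Contact{Pinned: phonePub}
	devs := []LinkedDevice{Vouch(phonePriv, webPub), Vouch(roguePriv, roguePub)}
	ok, warn := friend.Check(phonePub, devs)
	fmt.Printf("accepted devices: %d, keys-changed notice: %v\n", len(ok), warn)
}
```

In this model the companion has its own private key, and the sender encrypts to every accepted device key, so nothing is copied off the phone; a device key signed by anything other than the pinned identity key is dropped.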