5333 private links
I am asking this because WhatsApp says it is end-to-end encrypted.
-
Are there any problems with sending a public key through WhatsApp?
-
There might be some objections to sending symmetric and private keys.
Under what circumstances can I send symmetric and private keys?
E2EE doesn't protect data at rest. Unlike Signal, WhatsApp doesn't encrypt internal message database. A forensic analysis can recover deleted messages in plain text if the lock screen password is known. WhatsApp daily chat backup encrypts message database with AES-GCM-256 key which is known to WhatsApp service (see How can WhatsApp restore local or Google Drive Backups?). Although, the chat backup is not possessed by WhatsApp service but Google Drive does if Google Drive backup is enabled. There you have no control of how it is used by state surveillance.
Apps with accessibility permission can see the content on the screen.
Sending passwords through Signal is somewhat safer if you implicitly trust the security of the device. Signal encrypts the message database with database encryption key which is itself encrypted with a key stored in hardware backed keystore (android 7+). That leaves deleted messages unreadable from forensic recovery even if the lockscreen password is known.
Private keys shouldn't be sent in any cases. It shouldn't be even available to you for sharing.
