Meta Advances Encryption Infrastructure for Backup Security: Over-the-Air Key Distribution and Deployment Transparency


Strengthening the Foundation of Encrypted Backups

End-to-end encrypted backups are a cornerstone of privacy for messaging platforms like WhatsApp and Messenger. Meta’s HSM-based Backup Key Vault provides the underlying infrastructure that ensures backed-up message history remains accessible only to the user—protected by a recovery code stored in tamper-resistant hardware security modules (HSMs). These HSMs are deployed as a geographically distributed fleet across multiple datacenters, with resilience achieved through majority-consensus replication. This design guarantees that neither Meta, cloud storage providers, nor any third party can access the encrypted backups.

Source: engineering.fb.com

Late last year, Meta simplified the process of enabling end-to-end encrypted backups using passkeys. Now, the company is rolling out two critical enhancements to further protect password-based encrypted backups: over-the-air fleet key distribution for Messenger and a commitment to publishing evidence of secure fleet deployments.

Over-the-Air Fleet Key Distribution for Messenger

To establish a secure session with an HSM fleet, a client must first validate the fleet’s public keys. In WhatsApp, these keys are hardcoded directly into the application. However, for Messenger—where new HSM fleets need to be deployed without requiring users to update their app—Meta built a mechanism to distribute fleet public keys over the air as part of the HSM response.

How the Validation Bundle Works

When a Messenger client connects to an HSM fleet, it receives a validation bundle that contains the fleet’s public keys. This bundle is signed by Cloudflare and counter-signed by Meta, providing independent cryptographic proof of its authenticity. Cloudflare further maintains an audit log of every validation bundle issued, enabling ongoing verification. The complete validation protocol is detailed in the whitepaper, “Security of End-To-End Encrypted Backups.”

  • Independent verification: Two-party signing ensures no single entity can forge a bundle.
  • No app update required: New fleets can be deployed seamlessly for Messenger users.
  • Auditability: Cloudflare’s audit log provides a transparent record of all key distributions.
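The two-party rule described above (a client accepts over-the-air fleet keys only when both signatures verify against keys it already trusts), as an added Go example that is not Meta's code or protocol. Ed25519, the `Bundle` layout, the helper names, and having the counter-signature cover the fleet keys plus the first signature are all assumptions made for illustration; the real format is defined in the whitepaper.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"fmt"
)

// Bundle is a hypothetical layout, not the format from Meta's whitepaper.
type Bundle struct {
	FleetKeys  []byte // serialized fleet public keys delivered over the air
	FirstSig   []byte // first signer (Cloudflare's role) over FleetKeys
	CounterSig []byte // counter-signer (Meta's role) over FleetKeys || FirstSig
}

// Sign builds a bundle carrying both signatures (Ed25519 is an assumption).
func Sign(fleetKeys []byte, first, counter ed25519.PrivateKey) Bundle {
	s1 := ed25519.Sign(first, fleetKeys)
	s2 := ed25519.Sign(counter, append(append([]byte{}, fleetKeys...), s1...))
	return Bundle{fleetKeys, s1, s2}
}

// Verify returns the fleet keys only if both pinned signers vouch for them.
func Verify(b Bundle, firstPub, counterPub ed25519.PublicKey) ([]byte, error) {
	if !ed25519.Verify(firstPub, b.FleetKeys, b.FirstSig) {
		return nil, fmt.Errorf("first signature invalid")
	}
	msg := append(append([]byte{}, b.FleetKeys...), b.FirstSig...)
	if !ed25519.Verify(counterPub, msg, b.CounterSig) {
		return nil, fmt.Errorf("counter-signature invalid")
	}
	return b.FleetKeys, nil
}

// key derives a deterministic, constructed demo key from a fixed seed byte.
func key(fill byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{fill}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

func main() {
	cfPub, cfPriv := key(1)
	metaPub, metaPriv := key(2)
	_, otherPriv := key(3) // a key the client does not trust
	_, err := Verify(Sign([]byte("constructed-fleet-keys"), cfPriv, metaPriv), cfPub, metaPub)
	fmt.Println("both trusted signers:", err)
	_, err = Verify(Sign([]byte("constructed-fleet-keys"), otherPriv, metaPriv), cfPub, metaPub)
	fmt.Println("only one trusted signer:", err)
}
```

The second call fails even though one of the two signatures is genuine, which is the property the "independent verification" bullet relies on.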

More Transparent Fleet Deployment

Transparency is essential to demonstrating that Meta’s HSM fleet operates as designed and that the company cannot access users’ encrypted backups. Starting now, Meta will publish evidence of the secure deployment of each new HSM fleet on this blog page. New fleet deployments are infrequent—typically no more than every few years—but each one represents a critical point of trust.

Verification Steps for Users

Any user can independently verify that a new fleet has been deployed securely by following the steps outlined in the Audit section of the whitepaper. This commitment cements Meta’s leadership in the space of secure encrypted backups.

  1. Download the published deployment evidence from the blog.
  2. Follow the cryptographic verification procedures in the whitepaper.
  3. Confirm that the fleet’s public keys match the attested values.

Read the Full Technical Specification

For a deeper dive into the HSM-based Backup Key Vault, including the complete cryptographic protocols, threat model, and audit guidelines, refer to the official whitepaper: “Security of End-To-End Encrypted Backups.”
