The AES-GCM-256
key is stored and generated by WhatsApp server and is sent to the client. When a user signs in to new device, it retrieves the key from the server and decrypts the backup. That key is then reused again to encrypt daily chat backups. WhatsApp service might rotate the key for the client after some period of time. If the user doesn’t want to restore the backup, then the new key is generated by the server. If you delete the key, new key is generated and sent to the client when you reopen the app.
Older keys are still kept on server in case you want to decrypt older chat backups.
Whereas, Signal encrypts the backup with AES-CTR-256
key derived from the randomly generated pasword with 250,000
rounds of SHA-512
. User is required to save this password.