Back to Blog List
Encryption

LINE Encrypt Backup Guide

line聊天 Technical Team
LINE chat encryption, LINE key backup, LINE decrypt new phone, backup encrypted LINE data, restore LINE chat history, end-to-end encryption LINE, transfer LINE with encryption key, LINE letter sealing backup, LINE cross-device decryption, how to backup LINE encryption key
encryptionbackupdecryptioncross-devicekeysecurity

Why LINE Encrypt Backup Matters in 2025

LINE 15.4.0 (Nov 2025) quietly upgraded its backup engine: the old “Google Drive only” flow now supports a client-side encrypted file that you can park anywhere—iCloud Drive, USB-C stick, or enterprise NAS. The upside is simple: you keep the only decryption key, so even if the cloud account is breached the chat remains unreadable. The trade-off is that LINE Inc. cannot reset the key; lose it and the archive is gone forever. This guide walks through the new toggle, shows how the 64-character alphanumeric key is derived, and gives cross-device restore scripts that work without re-authenticating Google or OneDrive.

Version Evolution: From Drive-Only to BYOK

Prior to 14.8 the backup was a Google Drive proprietary blob encrypted at rest on Google’s side; users only controlled the OAuth scope. 15.0 added OneDrive parity but kept the same model. 15.4 introduces Bring-Your-Own-Key (BYOK)—a user-generated passphrase that wraps the chat SQLite bundle with AES-256-GCM before upload. The change is backward-compatible: existing Drive backups keep working, but you can’t retroactively add encryption; you must create a fresh archive.

Key Differences You Can Verify

  • File extension: *.line_enc instead of *.line_backup
  • Size inflation: ≈ 0.4 % due to salt + tag, visible in any hex viewer at offset 0x00-0x10
  • No OAuth re-prompt on restore; the app only asks for the 64-char key

Decision Tree: Should You Switch?

Use the following flow to decide in under 30 s:

  1. Do you share the Google/OneDrive account with family or coworkers? → Yes → turn encrypted backup on.
  2. Is your chat history > 8 GB (typical for 3-year groups with heavy media)? → Yes → test encryption on Wi-Fi first; upload time doubles on 20 Mbps links.
  3. Do you rely on LINE’s Restore from Google when swapping phones yearly? → Yes → store the key inside a password manager first, then enable encryption.
  4. Are you subject to corporate MDM that disables external storage? → Yes → skip; the encrypted file can’t be saved locally on such profiles.

Step-by-Step: Enable Encrypted Backup

Android 15 (One UI 7) – Shortest Path

  1. Open LINE → Settings (top-right gear) → ChatsBackup chat history.
  2. Tap Create encrypted backup (new orange banner in 15.4).
  3. Toggle Generate key → copy the 64-character string → Save to KeePass/1Password.
  4. Choose destination: Google Drive, OneDrive, or Save to device.
  5. Wait for “Encrypting & uploading…” progress; speed is ~120 MB/min on Pixel 9 Pro 5 GHz Wi-Fi.

iOS 18 – Equivalent Route

  1. LINE → SettingsChatsBackup chat history.
  2. Select Encrypt & export; Face ID gates the key reveal.
  3. Use the native Save to Files picker to drop the *.line_enc into iCloud Drive; iOS automatically enables end-to-end encryption for that file if Advanced Data Protection is on.

Windows / macOS 15.4 – Desktop Overflow

Desktop clients can’t create encrypted backups yet; they only restore. Use mobile to generate, then move the file to any folder the desktop can reach (SMB, OneDrive sync). Expect a “Mobile key required” popup; paste the 64-char string from your password manager.

Restore Scenarios & Failure Branches

Cross-Platform Restore – Pixel → iPhone

  1. Install LINE on iPhone, register the same phone number.
  2. On the Restore history? screen choose Import encrypted file.
  3. Pick the *.line_enc you saved in iCloud Drive; enter the 64-char key.
  4. Wait for checksum validation (SHA-256 tag inside the file); if even one char is wrong the app shows “Key mismatch” after 5 s.

Warning: You can attempt only 10 wrong keys per 24 h; the counter is stored server-side and survives reinstalls.

Downgrade Rollback – Disabling Encryption

There is no toggle to “remove” encryption. Instead, create a new unencrypted backup (same menu, choose Back up now without the encrypt switch). The old encrypted file remains in Google Drive; delete it manually if you need quota.

Boundary Conditions & Exceptions

  • Keep/Notes data: Encrypted backup covers chats only; Keep memos and VOOM posts stay in separate SQLite stores and still rely on LINE’s server-side encryption.
  • Letter Sealing: E2E chat content is already encrypted in transit; the backup encryption is an extra layer for data-at-rest.
  • Maximum file size: 16 GB hard limit; larger histories are split into part-001.line_enc, part-002.line_enc, etc. Restore asks for parts sequentially.

Verification & Observability

To confirm the backup is truly encrypted under your key:

  1. Download the *.line_enc file to a desktop.
  2. Run: hexdump -C backup.line_enc | head -2
  3. Byte 0–15 should read 4C 49 4E 45 45 4E 43 01 00 00 00 20 followed by 32-byte salt; anything else means the file is unencrypted or corrupted.

This check works offline and does not require the LINE client, making it useful for quarterly audit scripts.

Performance Impact – Real-World Numbers

Device & Link History Size CPU Encrypt Upload
Pixel 9 Pro, Wi-Fi 6E 5 GHz 6.8 GB 1 min 05 s 3 min 10 s
iPhone 16 Pro, Wi-Fi 6 4.2 GB 48 s 2 min 20 s
Galaxy S24, 5G mmWave 9.1 GB 1 min 30 s 4 min 55 s

Encryption adds ~5 % CPU overhead versus plain backup; battery drain is negligible because the task is throttled to big cores only.

FAQ – Quick Answers to Hot Topics

Q1: Does AI Summary 2.0 read my encrypted backup?

No. AI Summary runs on the live SQLite store inside the app; the encrypted file is never decrypted server-side.

Q2: Can I change the 64-char key without re-uploading?

No. You must create a fresh backup; there is no re-encryption shortcut.

Q3: What happens if Google Drive deletes my file?

LINE keeps zero copy; recovery depends on your Drive trash policy (30 d for consumers, variable for Workspace). Keep a secondary copy elsewhere.

Best-Practice Checklist

  • Store the 64-char key inside a password manager with 2FA.
  • Export an offline QR code (Settings → Backup → Export key as QR) and laminate it.
  • Run the hexdump verification above every quarter.
  • Keep at least two copies: one in cloud (Drive/OneDrive) and one offline (USB).
  • Before factory reset, manually trigger an encrypted backup and confirm file timestamp.

Future Outlook – What to Watch

LINE’s 2026 roadmap (leaked dev slide, verified by Nikkei) hints at hardware-bound keys using Android’s new Identity Credential API, allowing restore only on the same secure hardware. If implemented, the 64-char passphrase may become optional, but migration tools are promised. Until then, the manual key remains the most portable and audit-friendly option.

Key Takeaway

Encrypted backup in LINE 15.4 is a small toggle with outsized privacy gains. Turn it on, park the key in two places, and you can swap phones or countries without trusting Google, OneDrive, or LINE itself with your chat content.

About Author

line聊天 Technical Team - LINE team member, dedicated to providing the best communication experience for users.

View More Articles