Re: file encription/decriptoin iOS
Re: file encription/decriptoin iOS
- Subject: Re: file encription/decriptoin iOS
- From: Dave Fernandes <email@hidden>
- Date: Thu, 29 Jun 2017 08:33:10 -0400
Ah. Thinking about the new device use case helps. Everything must be accessible
and decryptable using only the iCloud passphrase. But if the same passphrase is
used both to authorize access to the data and to decrypt it, then Apple has the
passphrase to decrypt each time the user logs in, do they not? So encryption
prevents against third parties seeing the data, but not Apple itself. Or
perhaps the passphrase is used to generate two independent secrets and the
passphrase itself is never sent over the wire?
> On Jun 29, 2017, at 12:27 AM, Jens Alfke <email@hidden> wrote:
>
>
>> On Jun 28, 2017, at 8:04 PM, Dave Fernandes <email@hidden
>> <mailto:email@hidden>> wrote:
>>
>> So everything is protected by the iCloud Drive service key, but what does
>> “which is then stored with the user’s iCloud account” mean? Is it stored on
>> the device or in iCloud? That makes all the difference.
>
> I agree it’s vague. The way I read it is that the service key is stored with
> other account data in iCloud, but the account data is itself encrypted via
> the user’s passphrase (which is not known to Apple.)
>
> If the service key were stored locally, that would beg the question of how it
> gets from one device to another. You have to be able to access everything
> from a new device by logging into iCloud, so any secrets have to be stored
> online. But by encrypting them using the passphrase, Apple prevents anyone
> else (including themselves) from reading them.
>
> —Jens
_______________________________________________
Cocoa-dev mailing list (email@hidden)
Please do not post admin requests or moderator comments to the list.
Contact the moderators at cocoa-dev-admins(at)lists.apple.com
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden