> On Jun 28, 2017, at 12:17 PM, Jens Alfke <j...@mooseyard.com> wrote:
>
>> On Jun 28, 2017, at 6:33 AM, Sandor Szatmari <admin.szatmari....@gmail.com> wrote:
>>
>> I thought there were both local and iCloud Notes, no?
>
> Not sure what you’re asking, but: Anything saved to iCloud goes through end-to-end encryption, so there’s no way to read it on the iCloud servers without using keys stored on your device (derived from your iCloud password.) So again, it’s not necessary to add any extra encryption.
>
> —Jens

I didn’t realize this, and went to the iOS Security Guide to get more details, but I am left more confused than when I started. The Security Guide has this to say (CloudKit works the same way):

iCloud Drive

iCloud Drive adds account-based keys to protect documents stored in iCloud. As with existing iCloud services, it chunks and encrypts file contents and stores the encrypted chunks using third-party services. However, the file content keys are wrapped by record keys stored with the iCloud Drive metadata. These record keys are in turn protected by the user’s iCloud Drive service key, which is then stored with the user’s iCloud account. Users get access to their iCloud documents metadata by having authenticated with iCloud, but must also possess the iCloud Drive service key to expose protected parts of iCloud Drive storage.

So everything is protected by the iCloud Drive service key, but what does “which is then stored with the user’s iCloud account” mean? Is it stored on the device or in iCloud? That makes all the difference.

- Dave
_______________________________________________
Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)