Ah. Thinking about the new device use case helps. Everything must be accessible 
and decryptable using only the iCloud passphrase. But if the same passphrase is 
used both to authorize access to the data and to decrypt it, then Apple has the 
passphrase to decrypt each time the user logs in, do they not? So encryption 
prevents third parties from seeing the data, but not Apple itself. Or 
perhaps the passphrase is used to generate two independent secrets and the 
passphrase itself is never sent over the wire?

> On Jun 29, 2017, at 12:27 AM, Jens Alfke <j...@mooseyard.com> wrote:
> 
> 
>> On Jun 28, 2017, at 8:04 PM, Dave Fernandes <dave.fernan...@utoronto.ca> wrote:
>> 
>> So everything is protected by the iCloud Drive service key, but what does 
>> “which is then stored with the user’s iCloud account” mean? Is it stored on 
>> the device or in iCloud? That makes all the difference.
> 
> I agree it’s vague. The way I read it is that the service key is stored with 
> other account data in iCloud, but the account data is itself encrypted via 
> the user’s passphrase (which is not known to Apple.)
> 
> If the service key were stored locally, that would beg the question of how it 
> gets from one device to another. You have to be able to access everything 
> from a new device by logging into iCloud, so any secrets have to be stored 
> online. But by encrypting them using the passphrase, Apple prevents anyone 
> else (including themselves) from reading them.
> 
> —Jens
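
The idea raised in this thread (one passphrase yielding two independent secrets, with the service key stored online only in wrapped form), sketched as an added example; it is not from either poster and does not describe Apple's actual design. The function names, record layout, PBKDF2 parameters and the stdlib XOR-plus-HMAC wrap (a stand-in for a real AEAD or AES key wrap) are assumptions.

```python
import hashlib, hmac, secrets

def _expand(master: bytes, label: bytes) -> bytes:
    # One HKDF-Expand block (RFC 5869); distinct labels give independent keys.
    return hmac.new(master, label + b"\x01", hashlib.sha256).digest()

def derive(passphrase: str, salt: bytes):
    """Return (auth_token, master). Only auth_token ever leaves the device."""
    master = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, 100_000)
    return _expand(master, b"auth"), master

def _tag(master: bytes, data: bytes) -> bytes:
    return hmac.new(_expand(master, b"wrap-mac"), data, hashlib.sha256).digest()

def wrap(master: bytes, service_key: bytes) -> bytes:
    # Assumed stand-in for an AEAD: fresh nonce -> one-time pad, then encrypt-then-MAC.
    if len(service_key) != 32:
        raise ValueError("service key must be 32 bytes")
    nonce = secrets.token_bytes(16)
    pad = _expand(master, b"wrap-enc" + nonce)
    ct = bytes(a ^ b for a, b in zip(service_key, pad))
    return nonce + ct + _tag(master, nonce + ct)

def unwrap(master: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _tag(master, nonce + ct)):
        raise ValueError("wrong passphrase or tampered blob")
    pad = _expand(master, b"wrap-enc" + nonce)
    return bytes(a ^ b for a, b in zip(ct, pad))

def enroll(passphrase: str, service_key: bytes) -> dict:
    """First device: build the record the server stores (hypothetical layout)."""
    salt = secrets.token_bytes(16)
    auth, master = derive(passphrase, salt)
    return {"salt": salt,
            "auth_hash": hashlib.sha256(auth).digest(),  # server-side login check
            "wrapped": wrap(master, service_key)}        # opaque to the server

def new_device_login(passphrase: str, record: dict) -> bytes:
    """New device: fetch salt, authenticate with auth token, unwrap locally."""
    auth, master = derive(passphrase, record["salt"])
    if not hmac.compare_digest(hashlib.sha256(auth).digest(), record["auth_hash"]):
        raise PermissionError("server rejects login")
    return unwrap(master, record["wrapped"])
```

In this sketch the server never sees the passphrase or the wrapping key, but it does hold the salt and a hash of the auth token, so it can still test guesses offline; the protection is only as strong as the passphrase and the KDF cost.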

_______________________________________________

Cocoa-dev mailing list (Cocoa-dev@lists.apple.com)