In the case with the wiped device, when you sign in to iCloud, new key pairs are generated from that sign in event and used to decrypt the pet photo that comes down from the iCloud backup to your wiped phone (or new phone). The running OS isn’t necessarily aware the data is encrypted like a fish doesn’t need to know it’s in the water to swim.Ī different encryption is added before that data backs up or syncs to iCloud servers.
#Apple secure delete how to#
The process to sync the data to the cloud doesn’t need to know how to decrypt the data from storage to show it to you or send it to the cloud since iOS and iPhone hardware handle that encryption transparently to the apps. Now things are much more complicated than just a device encrypting data at rest, since we have multiple key pairs and signing certificates and multiple computers involved just to get data to iCloud from your phone.
#Apple secure delete password#
Now - when you sign up for an AppleID or iCloud account - a different password generates a different set of key pairs both in the cloud and on device. That pet photo is encrypted at rest with a key that’s entangled with your device passphrase, not actually encrypted with that passphrase alone. So, you buy a new phone and take a picture of your pet.
The encryption keys used to encrypt this data when it leaves your device are not the same keys as the ones used to lock the files at rest on the iPhone hardware.
#Apple secure delete windows#
ICloud is more complicated, since your data lives in Apple’s servers and can be seen on the web, via API on official and unofficial apps, on Windows and on macOS and other devices in addition to your phone. When you erase the device, the key that unlocks the data was destroyed and no passphrase will get that key back since it never left the Secure Enclave. You don't need any special tool to overwrite any of the data since it was previously encrypted and that encryption exists at rest. You are correct - they key is destroyed instantaneously and the data is cryptographically erased. If you set up a device with the same passcode 5 times in a row - none of the keys would be the same and no one could get at the data from the device even if you told them your passcode. Apple wrote a very clear white paper that covers the protections and goes into some technical detail. You are set since Apple only uses the passphrase to help generate entropy on the actual key that's used to unlock the data.
0 kommentar(er)
