|
|
|
|
|
|
by bogomipz
3745 days ago
|
|
|
Would you explain how 256-bit AES keys CPU and Secure Enclave and user PIN all work together to provide encryption on the iPhone? Is this documented anywhere? Is this same method employed across different generations of iPhones? Thanks |
|
|
Basically, the Secure Enclave contains a 256-bit AES key physically fused into the silicon during the chip fabrication process. Apple don't know this key, and neither do the manufacturers. It's different on every iPhone. The key cannot be read by any software, or the OS, or even firmware. All that can be seen is the result of using it in a crypto operation.
The key used for actual encryption on iOS is derived by taking an intermediate key derived from the PIN, and then entangling it with the Secure Enclave key (and, I believe, the CPU's key, which is also unique and fused into the hardware, but not quite so secretive). This effectively ties the crypto process to the phone - if you take a data dump of storage and try to brute force it on some more powerful kit, cracking the PIN isn't enough. You'll also have to crack both the AES keys.
This isn't universal across all iPhones - I think the 5S onwards have it.