by ashildr
1534 days ago
AFAIK the storage is encrypted using (a key derived from) a unique device key in the secure enclave and thus the storage is tied to the physical device.
Further keys are generated using the passphrase and the unique device key, so they are tied to the user and the device. The application can choose per file:

* Encrypted when locked: NSFileProtectionComplete
* Encrypted until first unlock: NSFileProtectionCompleteUntilFirstUserAuthentication
* Encrypted unless used by the application's background tasks: NSFileProtectionCompleteUnlessOpen

I think the keys used for file encryption are unique per application and then again per file, but I didn’t find information on this.