by md_
980 days ago
I'm not sure how to relate that to the slashid article, which notes,

> In other words, the private key used to encrypt kSecAttrSynchronizable keys in the Secure Enclave is backed in iCloud. As such, when a new device needs to restore the keychain it can reconstruct the private key and thus decrypt the keypair needed to access all the private keys marked as kSecAttrSynchronizable, which include passkeys.

So presumably the iCloud sync pubkey is in fact available to the TEE to do the necessary encryption before exporting the synced credentials. Where that pubkey is stored only matters if you can trick the TEE into encrypting to some other pubkey, which presumably you can't--the implication of the docs seems to be that it pre-establishes which keys it will trust at iCloud enrollment time. Is that not the case? I think if the TEE happily encrypts to any pubkey, there's a super obvious bypass here, so I doubt that's how the system works.