To make things easier to understand, TechCrunch gives the example of a mail box that has two keys. One key lets you drop chain mail into the mail slot, while the other key lets you take mail out, and both keys are wholly different. similarly, a “ public key ” is like the mail slot key. You can parcel it with the earth, and anyone can encrypt messages to send to you. however, the key only works in one direction. Your individual identify ( the mail pickup key, in the analogy above ) is the only direction to decrypt the message .
With that, here’s how iMessage works: When a drug user first enables iMessage, your device creates two sets of secret and populace keys : one arrange for encrypting data, and one set for signing data ( read : sign language data is a secondary blurp of data that helps to verify that the code textbook hasn ’ triiodothyronine been modified after it was sent to the server. If these two things ever don ’ triiodothyronine couple up, loss flags start going away. ) Your public keys are sent to Apple ’ sulfur servers. Your individual keys are stored on your device. Apple never sees your individual keys.
Read more: iCloud – Wikipedia
When person starts an iMessage conversation with you, they fetch your public key ( s ) from Apple ’ sulfur servers. Before that message leaves the sender ’ mho device, it ’ second encrypted into something that only your device knows how to decrypt. indeed if Apple never has your private key, how bash messages arrive at all of your devices in a clear form ? How do your individual key ( s ) get from one device to the other ? simple answer : they don ’ thyroxine. You ’ ve actually got one determine of keys for each device you add to iCloud, and each iMessage is encrypted independently for each device. so if you have two devices — say, an iPad and an iPhone — each message sent to you is actually encrypted ( AES-128 ) and stored on Apple ’ s servers twice. once for each device. When you pull down a message, it ’ s specifically encrypted for the device you ’ re on. Some data ( “ such as the timestamp and APN routing data ”, says Apple ) is not encrypted. All of this independently encrypted/non-encrypted data is then encrypted as a solid package, on the trips between your device and Apple ’ mho servers. This makes it well tougher for attackers sitting between you and Apple ’ s server to figure out what datum is what, and what they should actually try to decrypt.
Read more: Dual_EC_DRBG – Wikipedia
once your device has retrieved a message, that encrypted copy of the message is deleted from Apple ’ randomness servers. If you have multiple devices, another encrypted copy mean for another device might sit on their servers until it expires. Messages are stored for up to seven days .
Apple ’ mho updated text file besides details the inner work of both Touch ID and the “ Security Enclave ” built into Apple ’ s 64-bit A7 central processing unit. For those concerned can download the document here .