Go Back   MacRumors Forums > Apple Systems and Services > iCloud and Apple Services

Reply
 
Thread Tools Search this Thread Display Modes
Old Oct 26, 2013, 10:42 AM   #1
-Tobi-
macrumors newbie
 
Join Date: Feb 2012
Location: Hanover, Germany
iCloud Keychain confusion

I'm confused with two points on this help page: http://support.apple.com/kb/HT5813

Quote:
Can I set up iCloud Keychain so that my data isn't backed up in the cloud?

Yes. When setting up iCloud Keychain, you can skip the step for creating an iCloud Security Code. Your keychain data is then stored only locally on the device, and updates only across your approved devices.

Important: If you choose to not create an iCloud Security Code, Apple will not be able to recover your iCloud Keychain.
1. How can it update the passwords accross my approved devices, if it's not stored in iCloud? I don't think that my iPad will send recently added passwords directly to my other devices, or am I wrong here?
For example, if one device is offline, how can this device get the recently added passwords then? They have to cache that data somewhere, so that it's going to sync to every approved device (in the case it's offline or turned off), right?


Quote:
What is the iCloud Security Code?
[...]
The iCloud Security Code is used to authorize additional devices to use your iCloud Keychain. It's also used to verify your identify so that you can perform other iCloud Keychain actions, such as recovering your iCloud Keychain if you lose all your devices.
and
Quote:
Can I remove my iCloud Keychain from Apple's servers?
[...]
After you complete these steps, your keychain data will remain locally on your devices, but changes to your keychain information will not push to your other devices or the cloud unless you turn iCloud Keychain back on. If you want keychain data to push to all of your devices, but not to the cloud, turn on iCloud Keychain on each device as described earlier in this document, but skip the step to create an iCloud Security Code.
2. My understanding of this is the following: To just syncronize passwords accross all of your (approved) devices, turn on iCloud keychain, but without creating an iCloud Security Code.
To also backup these passwords to iCloud, additionally turn on iCloud Security Code.
So when you have reset your devices (e.g. without having a backup) and want to restore your passwords/keychain, you have to type in your iCloud Security Code to restore these passwords.


If, for synchronization purposes, my passwords are uploaded to iCloud, then somebody has to explain me the differences between syncing and backup, because my passwords are pushed to apple servers either way.
__________________
MacBook: Air 13" Mid 2012
iPhone: 5s
iPad: 5. Gen (Air) & mini 2. Gen (Retina)
~  ~ once you go mac, you never go back ~  ~
-Tobi- is offline   0 Reply With Quote
Old Oct 26, 2013, 11:46 AM   #2
Rigby
macrumors 6502a
 
Join Date: Aug 2008
Location: San Jose, CA
Apple's description is vague and overly simplified, so we can't know for sure. But I would agree with your assumptions.

Given the sensitivity of password information, I think we need much more precise information how exactly this service works, particularly the key management. I for one will not use it until they disclose whether or not it is true end-to-end encryption (i.e. if the key that protects the iCloud keychain is ever shared with Apple).

EDIT: Just noticed that they have added some information about iCloud Keychain to their security page:

http://support.apple.com/kb/HT4865
Quote:
- iCloud Keychain encryption keys are created on your devices, and Apple can't access those keys. Only encrypted keychain data passes through Apple's servers, and Apple can't access any of the key material that could be used to decrypt that data.
- Only trusted devices that you approved can access your iCloud Keychain.
- Advanced settings allow you to choose an iCloud Security Code longer than four digits or have your device generate one for you.
- You can choose to disable keychain recovery, which means that iCloud Keychain is kept up to date across your approved devices, but the encrypted data is not stored with Apple and cannot be recovered if all of your devices are lost.
My interpretation is this: As you wrote above, the encrypted keychain data has to be cached on Apples servers, whether you set a security code or not. The difference between the two is that, if you choose to let Apple back up the keychain in the cloud, they will have to also store the key, presumably encrypted using your security code. This will allow a new device to recover the key even if you lose all trusted devices. To protect against brute force and dictionary attacks, I highly recommend to choose a strong security code in this case. Allowing a 4-digit code for this is a bad joke.

If, on the other hand, you do not pick a security code, I assume they use some kind of secure key exchange protocol between the new and one of the trusted devices. But for this I would like to see confirmation from Apple.

Last edited by Rigby; Oct 26, 2013 at 12:07 PM.
Rigby is offline   0 Reply With Quote
Old Oct 28, 2013, 05:22 AM   #3
amitgiri
macrumors newbie
 
Join Date: Oct 2013
Hi,

I will be thankful to you, if someone can please let me know the way of implementing iCloud Keychain with an Adobe Air application for iPad.
I have a requirement where I need to store user's IAP details, user email and password details on iCloud so that if user installs our app on some other IOS device then he can get all those details there.

Please help.
amitgiri is offline   0 Reply With Quote
Old Oct 29, 2013, 03:12 PM   #4
-Tobi-
Thread Starter
macrumors newbie
 
Join Date: Feb 2012
Location: Hanover, Germany
Quote:
Originally Posted by amitgiri View Post
Hi,

I will be thankful to you, if someone can please let me know the way of implementing iCloud Keychain with an Adobe Air application for iPad.
I have a requirement where I need to store user's IAP details, user email and password details on iCloud so that if user installs our app on some other IOS device then he can get all those details there.

Please help.
Although your question is off topic, have a look at Apple's iOS developer documentation at http://developer.apple.com
__________________
MacBook: Air 13" Mid 2012
iPhone: 5s
iPad: 5. Gen (Air) & mini 2. Gen (Retina)
~  ~ once you go mac, you never go back ~  ~
-Tobi- is offline   0 Reply With Quote

Reply
MacRumors Forums > Apple Systems and Services > iCloud and Apple Services

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
iCloud Keychain / Keychain Access Question amnichols10 OS X Mavericks (10.9) 2 Apr 23, 2014 06:10 PM
Keychain has just made all my passwords open! How is iCloud keychain meant to work? mpt-matthew iOS 7 16 Apr 23, 2014 03:29 PM
iCloud Keychain problems after deleting Keychain Access bkribbs OS X Mavericks (10.9) 0 Nov 19, 2013 09:45 PM
iCloud Confusion MauerFan iCloud and Apple Services 2 Mar 31, 2013 09:29 PM
iCloud confusion sheppy1 iCloud and Apple Services 0 Feb 10, 2013 02:40 PM

Forum Jump

All times are GMT -5. The time now is 07:15 PM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC