iCloud Keychain confusion

Discussion in 'Apple Music, Apple Pay, iCloud, Apple Services' started by -Tobi-, Oct 26, 2013.

  1. -Tobi- macrumors newbie

    Feb 7, 2012
    Hanover, Germany
    I'm confused with two points on this help page: http://support.apple.com/kb/HT5813

    1. How can it update the passwords accross my approved devices, if it's not stored in iCloud? I don't think that my iPad will send recently added passwords directly to my other devices, or am I wrong here?
    For example, if one device is offline, how can this device get the recently added passwords then? They have to cache that data somewhere, so that it's going to sync to every approved device (in the case it's offline or turned off), right?

    2. My understanding of this is the following: To just syncronize passwords accross all of your (approved) devices, turn on iCloud keychain, but without creating an iCloud Security Code.
    To also backup these passwords to iCloud, additionally turn on iCloud Security Code.
    So when you have reset your devices (e.g. without having a backup) and want to restore your passwords/keychain, you have to type in your iCloud Security Code to restore these passwords.

    If, for synchronization purposes, my passwords are uploaded to iCloud, then somebody has to explain me the differences between syncing and backup, because my passwords are pushed to apple servers either way.
  2. Rigby, Oct 26, 2013
    Last edited: Oct 26, 2013

    Rigby macrumors 601

    Aug 5, 2008
    San Jose, CA
    Apple's description is vague and overly simplified, so we can't know for sure. But I would agree with your assumptions.

    Given the sensitivity of password information, I think we need much more precise information how exactly this service works, particularly the key management. I for one will not use it until they disclose whether or not it is true end-to-end encryption (i.e. if the key that protects the iCloud keychain is ever shared with Apple).

    EDIT: Just noticed that they have added some information about iCloud Keychain to their security page:

    My interpretation is this: As you wrote above, the encrypted keychain data has to be cached on Apples servers, whether you set a security code or not. The difference between the two is that, if you choose to let Apple back up the keychain in the cloud, they will have to also store the key, presumably encrypted using your security code. This will allow a new device to recover the key even if you lose all trusted devices. To protect against brute force and dictionary attacks, I highly recommend to choose a strong security code in this case. Allowing a 4-digit code for this is a bad joke.

    If, on the other hand, you do not pick a security code, I assume they use some kind of secure key exchange protocol between the new and one of the trusted devices. But for this I would like to see confirmation from Apple.
  3. amitgiri macrumors newbie

    Oct 28, 2013

    I will be thankful to you, if someone can please let me know the way of implementing iCloud Keychain with an Adobe Air application for iPad.
    I have a requirement where I need to store user's IAP details, user email and password details on iCloud so that if user installs our app on some other IOS device then he can get all those details there.

    Please help.
  4. -Tobi- thread starter macrumors newbie

    Feb 7, 2012
    Hanover, Germany
    Although your question is off topic, have a look at Apple's iOS developer documentation at http://developer.apple.com

Share This Page