Advanced data protection – where does the key come from on new devices?

Hey there,

the new advanced data protection feature says the keys are only stored on the devices themselves. I’m aware of how encryption works. For a lot of data, symmetric encryption is used, so there is the same key on all devices to read and write data. When you get a new iPhone you can just copy all your data from your old to the new device. Same with Time Machine backups on macOS. But when advanced data protection is on and you buy a new Mac, you just log in to your iCloud account, so where are the keys coming from? Either it will tell you to bring your phone or some other device nearby to copy the keys, or the keys must be stored in iCloud anyway, since there is no way to generate the same keys on a different device without knowing anything.

And second thing: when you share data (for example notes) they say the key is uploaded to the Apple servers. Does Apple generate one key for each note, or will it create a new key for the note when sharing it, decrypt, re-encrypt and upload the key to Apple? Otherwise the key for all data is uploaded and all data is not end-to-end encrypted anymore.

Sadly I found no information on this on Apple’s side.
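The second question (what gets exposed when one note's key is uploaded) comes down to whether every item is encrypted under one account key or under its own per-item key that is then wrapped by the account key. The following Python is an added illustration of that distinction, not Apple's code and not a description of how iCloud is actually built: it uses a stdlib-only toy cipher (HMAC-SHA256 in counter mode plus an encrypt-then-MAC tag, constructed here purely for the demo) and three constructed notes, and shows which notes a server could read in each design if the key for a single shared note were uploaded.

```python
"""Added illustration (not Apple's implementation): one account key for
everything vs. a per-note key wrapped under the account key.

The cipher below is a toy built from the standard library so the example
runs offline; it is for demonstration, not production use.
"""
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Set, Tuple

NONCE_LEN = 16
TAG_LEN = 32


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 used as a PRF in counter mode to produce a keystream."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    """Derive separate encryption and MAC keys from one master key."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag (encrypt-then-MAC)."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None if the key is wrong (tag mismatch)."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def single_key_design(notes: Dict[str, bytes]) -> Tuple[bytes, Dict[str, bytes]]:
    """Design A: every note is encrypted directly under one account key.
    Sharing any note means uploading that account key."""
    account_key = os.urandom(32)
    stored = {nid: encrypt(account_key, text) for nid, text in notes.items()}
    return account_key, stored


def per_note_key_design(notes: Dict[str, bytes]):
    """Design B: each note has its own key; the server stores the note
    ciphertext plus that key wrapped (encrypted) under the account key.
    Sharing a note means uploading only that note's key."""
    account_key = os.urandom(32)
    note_keys = {nid: os.urandom(32) for nid in notes}
    stored = {nid: encrypt(note_keys[nid], text) for nid, text in notes.items()}
    wrapped = {nid: encrypt(account_key, note_keys[nid]) for nid in notes}
    return account_key, note_keys, stored, wrapped


def readable_by_server(uploaded_keys: List[bytes], stored: Dict[str, bytes]) -> Set[str]:
    """Which stored blobs open with any of the keys the server now holds."""
    return {nid for nid, blob in stored.items()
            if any(decrypt(k, blob) is not None for k in uploaded_keys)}


# Constructed sample notes; "b" is the one the user decides to share.
NOTES = {"a": b"groceries", "b": b"shared project plan", "c": b"private diary"}


def demo() -> Tuple[Set[str], Set[str]]:
    """Returns (notes exposed in design A, notes exposed in design B)
    when the key needed to share note "b" is uploaded."""
    account_key, stored_a = single_key_design(NOTES)
    exposed_a = readable_by_server([account_key], stored_a)

    _, note_keys, stored_b, _ = per_note_key_design(NOTES)
    exposed_b = readable_by_server([note_keys["b"]], stored_b)
    return exposed_a, exposed_b


if __name__ == "__main__":
    print(demo())  # ({'a', 'b', 'c'}, {'b'})
```

In design A the only key that opens the shared note is the key that opens everything, so end-to-end protection for the whole account is lost the moment one note is shared. In design B the uploaded note key opens exactly one blob, and the wrapped copies of the other note keys remain unreadable without the account key, which never leaves the device. Whether Apple's implementation follows design B is exactly what the question above is asking and is not something this example settles.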
