{"id":21582,"date":"2018-05-31T21:26:52","date_gmt":"2018-06-01T01:26:52","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=21582"},"modified":"2018-05-31T21:26:52","modified_gmt":"2018-06-01T01:26:52","slug":"encrypting-for-apples-secure-enclave","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2018\/05\/31\/encrypting-for-apples-secure-enclave\/","title":{"rendered":"Encrypting for Apple&rsquo;s Secure Enclave"},"content":{"rendered":"<p><a href=\"https:\/\/darthnull.org\/security\/2018\/05\/31\/secure-enclave-ecies\/\">David Schuetz<\/a> (<a href=\"https:\/\/twitter.com\/DarthNull\/status\/1002167546898993152\">tweet<\/a>):<\/p>\n<blockquote cite=\"https:\/\/darthnull.org\/security\/2018\/05\/31\/secure-enclave-ecies\/\"><p>Encryption, once you have a safe and well-implemented algorithm, is all about the keys. Lose control of your keys, and it&rsquo;s &ldquo;Game over, man!&rdquo; What if we could put our keys somewhere completely out of reach, where even their owner can&rsquo;t get to them? Yubikeys and HSMs can provide that security, but they&rsquo;re external devices.<\/p>\n<p>[&#8230;]<\/p>\n<p>One feature added in iOS 9, and macOS 10.13, is the ability to store keys and perform cryptography entirely within the Secure Enclave. The application asks the SE to create a public\/private keypair. The SE returns the public key (which should then be stored somewhere safe), but it holds onto the private key. Then it can ask &ldquo;Here, sign this message&rdquo; and the SE will grab the private key, sign the message, and return the result. Or &ldquo;Here, decrypt this,&rdquo; and it&rsquo;ll decrypt the message using the private key, and return the plaintext. The application itself never has direct access to the private key, so the key should be very secure.<\/p>\n<p>[&#8230;]<\/p>\n<p>So why is all this cool? Because we can be confident that nobody can read our data without our device.<\/p><\/blockquote>","protected":false},"excerpt":{"rendered":"<p>David Schuetz (tweet): Encryption, once you have a safe and well-implemented algorithm, is all about the keys. Lose control of your keys, and it&rsquo;s &ldquo;Game over, man!&rdquo; What if we could put our keys somewhere completely out of reach, where even their owner can&rsquo;t get to them? Yubikeys and HSMs can provide that security, but [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2018-06-01T01:26:53Z","apple_news_api_id":"8f2946df-a9c4-4425-afda-62c69310a156","apple_news_api_modified_at":"2018-06-01T01:26:54Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/AjylG36nERCWv2mLGkxChVg","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[],"tags":[31,1472,1137,30,1529,71,232,1679,48],"class_list":["post-21582","post","type-post","status-publish","format-standard","hentry","tag-ios","tag-ios-11","tag-ios-9","tag-mac","tag-macos-10-13","tag-programming","tag-python","tag-secure-enclave","tag-security"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/21582","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=21582"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/21582\/revisions"}],"predecessor-version":[{"id":21583,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/21582\/revisions\/21583"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=21582"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=21582"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=21582"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}