Comment by grahamj

1 day ago

This is why, while I applaud what Apple is doing here, they need to allow us to supply our own E2E encryption keys.

10 comments

grahamj

Reply
shuckles  1 day ago

That’s literally what the feature they’re removing did.

  • kbolino  1 day ago

    Not exactly. It generates the keys for you and stores them on device in the Secure Enclave. You cannot "bring your own" encryption key, but the primary benefit of doing so--that Apple does not have access to it--is intentionally accomplished anyway by the implementation.

    • shuckles  1 day ago

      I’m not sure I appreciate the value of literally bringing your own keys. My device generating them on my behalf as part of a setup process seems sufficient. You’d use openssl or something and defer to software to actually do keygen no matter what.

      6 replies →

vandahm  16 hours ago

But if you don't trust Apple, how to you get the key into the Secure Enclave to begin with? Doesn't Apple control the software on your device that provides the interface into the Secure Enclave from outside of it?