Update 6/10: Based on a short conversation with an engineering lead at X, some of the devices used at X are claimed to be using HSMs. See more further below. Matthew Garrett has a nice post about T…
Are you so sure Apple doesn’t have your keys? How are they migrating the keys to your new device? It’s all closed source.
The actual key management and encryption protocols are published. Each new device generates a new key and reports their public key to an Apple-maintained directory. When a client wants to send a message, it checks the directory to know which unique devices it should send the message to, and the public key for each device.
Any newly added device doesn’t have the ability to retrieve old messages. But history can be transferred from old devices if they’re still working and online.
Basically, if you’ve configured things for maximum security, you will lose your message history if you lose or break your only logged-in device.
There’s no real way to audit whether Apple’s implementation follows the protocols they’ve published, but we’ve seen no indicators that they aren’t doing what they say.
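A simplified model of the per-device scheme described in the comment above, added here as an illustration; it is not part of the thread and not Apple's code. The `directory` and `mailboxes` structures, all names, and the toy Diffie-Hellman encryption are assumptions standing in for the published protocol. It shows why a device registered later cannot read messages sent earlier.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman parameters, for illustration only: not secure, not Apple's cryptography.
P, G = 2**255 - 19, 2

def _key(shared):                      # derive a symmetric key from the DH shared value
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def _xor(key, data):                   # keystream cipher; the same call encrypts and decrypts
    stream = hashlib.shake_256(b"enc" + key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def _tag(key, ct):                     # integrity tag so a wrong key is rejected, not garbled
    return hmac.new(key, b"mac" + ct, hashlib.sha256).digest()

class Device:
    def __init__(self, name):
        self.name = name
        self._priv = secrets.randbelow(P - 3) + 2   # generated on the device, never uploaded
        self.pub = pow(G, self._priv, P)            # the only value reported to the directory

    def read(self, ciphertexts):
        """Return the plaintext of every ciphertext this device's private key can open."""
        out = []
        for eph_pub, ct, tag in ciphertexts:
            key = _key(pow(eph_pub, self._priv, P))
            if hmac.compare_digest(tag, _tag(key, ct)):
                out.append(_xor(key, ct).decode())
        return out

directory = {}   # account -> [(device name, public key)], stand-in for the provider's directory
mailboxes = {}   # device name -> ciphertexts delivered to that device

def register(account, device):
    directory.setdefault(account, []).append((device.name, device.pub))

def send(account, text):
    """Encrypt one copy per device that the directory lists for the account right now."""
    for name, pub in directory.get(account, []):
        eph = secrets.randbelow(P - 3) + 2
        key = _key(pow(pub, eph, P))
        ct = _xor(key, text.encode())
        mailboxes.setdefault(name, []).append((pow(G, eph, P), ct, _tag(key, ct)))

def demo():
    directory.clear(); mailboxes.clear()
    phone, laptop = Device("phone"), Device("laptop")
    register("alice", phone)
    send("alice", "sent before the laptop existed")
    register("alice", laptop)                        # new device joins afterwards
    send("alice", "sent after")
    return phone.read(mailboxes["phone"]), laptop.read(mailboxes["laptop"]), laptop.read(mailboxes["phone"])
```

The third value returned by `demo()` is the laptop trying to open the phone's stored copies: it is empty, because those copies were encrypted only to the phone's key.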
That’s good to know, thanks.