[Cryptography] What is Apple's public signing key?
Tom Mitchell
mitch at niftyegg.com
Mon Mar 7 22:03:20 EST 2016
On Sat, Mar 5, 2016 at 7:20 AM, Henry Baker <hbaker1 at pipeline.com> wrote:
> Now that every govt in the world has Apple in its sights, how secure is
> the digital signature system that Apple uses to sign its firmware?
>
> Which algorithm is used?
>
> Which parameters are chosen?
>
> Can these parameters have hidden back doors?
>
> Are there any rainbow/NOBUS attacks?
>
> Are there any methods similar to those used for passwords that can be used
> to slow down a brute force digital signature attack?
>
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Page 7
"The session key exchange uses AES key wrapping with both sides providing a
random key that establishes the session key and uses AES-CCM transport
encryption"
See page 10
It is more complex than this" The local data key is generated from three
secrets. One known by the phone, one by Apple and one by the customer.
The number of bits contributed by each and how they are mixed is
unknown to me.
Keys and methods for communication, keys for the binary image, integrity
checks.
One softer target seems to be at the end of the USB link. If the presented
blob
passes muster it is loaded. Necessary to unbrick a wiped or corrupted phone
if nothing else.
Of interest each phone model has a different Apple secret.
In the future. nothing limits Apple from maintaining an array of secrets
for each model
and a simple or sophisticated way to divide one model into smaller
piles so all editions of a single model are not vulnerable to the same
compromised key. mod(N) something to pick the image to pull and present
for loading.
Generation and choice of a key specifics would be trade secrets for the
simple
reason that some methods have documented issues. Answering what it is
and what it is not would limit the attack surface so say nothing more.
--
T o m M i t c h e l l
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.metzdowd.com/pipermail/cryptography/attachments/20160307/74946e79/attachment.html>
More information about the cryptography
mailing list