Saturday, November 28, 2015

What happens when changing iPhone's passcode?

The iOS passcode is one of the factors used to encrypt files. We would expect changing the passcode to take a long time, because files would need to be decrypted with the old passcode and re-encrypted with the new one. However, changing the passcode is immediate. Why?

The picture below comes from the iOS Security document, which I refer to in answering the question, even though the document doesn't give a direct answer.

iOS uses a hierarchy of keys to encrypt files. The Class Key, which is used to encrypt and decrypt File Metadata, is itself encrypted by the Hardware Key and the Passcode Key. The Hardware Key and the File System Key are unique and constant. File Contents are encrypted and decrypted by a unique File Key stored in the File Metadata, which is encrypted and decrypted by the File System Key and the Class Key. Only the Passcode Key can be changed by the user, via the steps below.



  1. iOS uses the Hardware Key and the Passcode Key to decrypt the encrypted Class Key.
  2. The passcode is updated to the new one.
  3. iOS uses the Hardware Key and the new Passcode Key to encrypt the Class Key.

Because the Class Key and the File System Key are constant, changing the passcode doesn't affect the encrypted file contents. This is the answer.
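The three steps above, modelled as an added example (not code from the iOS Security document or from Apple): only the small wrapped Class Key blob is rewritten, while the file blob and its metadata stay byte-for-byte the same. Assumptions: PBKDF2 salted with the Hardware Key stands in for combining the Hardware Key and Passcode Key, a toy HMAC-SHA256 keystream-plus-tag wrap stands in for the real key wrapping, and the passcodes and file contents are constructed sample values.

```python
import hashlib, hmac, os

def derive_kek(hardware_key: bytes, passcode: str) -> bytes:
    # Assumption: PBKDF2 salted with the Hardware Key stands in for combining
    # Hardware Key and Passcode Key; it is not Apple's derivation.
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), hardware_key, 10_000)

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    stream = b""
    for i in range(len(data) // 32 + 1):
        stream += hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def wrap(key: bytes, secret: bytes) -> bytes:
    # Toy authenticated wrap (HMAC-SHA256 keystream + tag), standard library only.
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, secret)
    return nonce + ct + hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()

def unwrap(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(key, b"tag" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key or corrupted blob")
    return _xor_stream(key, nonce, ct)

def change_passcode(hardware_key, wrapped_class_key, old, new):
    class_key = unwrap(derive_kek(hardware_key, old), wrapped_class_key)  # step 1
    return wrap(derive_kek(hardware_key, new), class_key)  # steps 2 and 3

def demo():
    hardware_key, fs_key, class_key, file_key = (os.urandom(32) for _ in range(4))
    contents = b"constructed sample file contents"
    file_blob = wrap(file_key, contents)                 # File Contents under File Key
    metadata = wrap(fs_key, wrap(class_key, file_key))   # File Key under Class + File System Key
    wrapped_ck = wrap(derive_kek(hardware_key, "1234"), class_key)
    new_wrapped_ck = change_passcode(hardware_key, wrapped_ck, "1234", "987654")
    # Read the file with the new passcode; file_blob and metadata were never rewritten.
    ck = unwrap(derive_kek(hardware_key, "987654"), new_wrapped_ck)
    recovered = unwrap(unwrap(ck, unwrap(fs_key, metadata)), file_blob)
    try:
        unwrap(derive_kek(hardware_key, "1234"), new_wrapped_ck)
        old_rejected = False
    except ValueError:
        old_rejected = True
    return recovered == contents, old_rejected, len(new_wrapped_ck)

if __name__ == "__main__":
    print(demo())
```

The last value returned by `demo()` is the number of bytes the passcode change had to rewrite, which is independent of how much file data exists.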

-Count 
