From bc1a3fead2b91c7a34a2129c7a166d376cdf15d0 Mon Sep 17 00:00:00 2001 From: pra9dotcom <126486511+pra9dotcom@users.noreply.github.com> Date: Fri, 16 Aug 2024 13:56:31 +0530 Subject: [PATCH 1/4] add info about when and how iOS stores vault passwords in iOS Keychain --- source/ios/vault-management.rst | 7 +++++++ source/security/architecture.rst | 22 +++++++++++++++++++++- 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/source/ios/vault-management.rst b/source/ios/vault-management.rst index 86da36f..2437c7e 100644 --- a/source/ios/vault-management.rst +++ b/source/ios/vault-management.rst @@ -27,3 +27,10 @@ In order to have a guarantee that your vault stays unlocked for a certain amount E.g., if you choose "1 Hour" and Cryptomator gets terminated by iOS within that time frame, your vault can automatically be unlocked again using the key from the iOS keychain. If the selected time frame has passed, the key will be removed from the iOS keychain and your vault will get automatically locked. If you choose the "Indefinite" option, your vault will be kept unlocked until you have manually locked it. + +.. _ios/vault-management/security-considerations: + +Security Considerations +-------------------------- + +Refer to the :ref:`Secrets Management ` section to understand when and how your vault passwords are stored in the iOS Keychain. \ No newline at end of file diff --git a/source/security/architecture.rst b/source/security/architecture.rst index 312fdfb..fa7c01d 100644 --- a/source/security/architecture.rst +++ b/source/security/architecture.rst 
@@ -160,4 +160,24 @@ When unlocking a vault the KEK is used to unwrap (i.e. decrypt) the stored maste .. image:: ../img/security/masterkey-decryption@2x.png :alt: Masterkey Decryption :width: 440px - :align: center \ No newline at end of file + :align: center + +‎ +‎ + +.. _security/architecture/secrets-management: + +Secrets Management +----------------------- + +``iOS``: iOS will store a copy of your Vault passwords in the iOS Keychain only for vaults that use ``Face ID`` or have the ``Unlock duration`` set to anything except ``Let iOS Decide Automatically``. + +Cryptomator stores vault passwords in the iOS Keychain with the `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly `_ attribute, which ensures: + +1. After a reboot, the copy of your Vault passwords stored in the iOS Keychain are only available to use by the Cryptomator app after the first unlock using your device's passcode. +2. Vault passwords are not migrated to a new device when restoring an iOS device from a backup of a different iOS device. +3. Vault passwords aren't synced to iCloud. + +It should be obvious, but Cryptomator won't store a copy of your Vault password in the iOS Keychain, for vaults that don't use ``Face ID`` AND have their ``Unlock duration`` set to ``Let iOS Decide Automatically``. + +``Android, macOS, Linux, Windows``: Info to be added \ No newline at end of file From c8dc06dbc7857cf88d702739a554cd5d5f712108 Mon Sep 17 00:00:00 2001 From: Pranav <126486511+pra9dotcom@users.noreply.github.com> Date: Fri, 16 Aug 2024 08:42:35 +0000 Subject: [PATCH 2/4] minor changes to architecture.rst --- source/security/architecture.rst | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/source/security/architecture.rst b/source/security/architecture.rst index fa7c01d..da1a219 100644 --- a/source/security/architecture.rst +++ b/source/security/architecture.rst 
@@ -170,14 +170,14 @@ When unlocking a vault the KEK is used to unwrap (i.e. decrypt) the stored maste Secrets Management ----------------------- -``iOS``: iOS will store a copy of your Vault passwords in the iOS Keychain only for vaults that use ``Face ID`` or have the ``Unlock duration`` set to anything except ``Let iOS Decide Automatically``. +``iOS``: iOS will store a copy of your vault password in the iOS Keychain only for vaults that use ``Face ID`` or have the ``Unlock duration`` set to anything except ``Let iOS Decide Automatically``. Cryptomator stores vault passwords in the iOS Keychain with the `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly `_ attribute, which ensures: -1. After a reboot, the copy of your Vault passwords stored in the iOS Keychain are only available to use by the Cryptomator app after the first unlock using your device's passcode. +1. After a reboot, the copy of your vault passwords stored in the iOS Keychain are only available to use by the Cryptomator app after the first unlock using your device's passcode. 2. Vault passwords are not migrated to a new device when restoring an iOS device from a backup of a different iOS device. 3. Vault passwords aren't synced to iCloud. -It should be obvious, but Cryptomator won't store a copy of your Vault password in the iOS Keychain, for vaults that don't use ``Face ID`` AND have their ``Unlock duration`` set to ``Let iOS Decide Automatically``. +It should be obvious, but Cryptomator won't store a copy of your vault password in the iOS Keychain, for vaults that don't use ``Face ID`` AND have their ``Unlock duration`` set to ``Let iOS Decide Automatically``. -``Android, macOS, Linux, Windows``: Info to be added \ No newline at end of file +``Android, macOS, Linux, Windows``: Info to be added From 4e814ac9f64d34befab164f3a6e6d974cbac6a8d Mon Sep 17 00:00:00 2001 
From: pra9dotcom <126486511+pra9dotcom@users.noreply.github.com> Date: Sat, 17 Aug 2024 12:40:18 +0530 Subject: [PATCH 3/4] Move Secrets Management section under Vault Management section for iOS --- source/ios/vault-management.rst | 10 +++++++++- source/security/architecture.rst | 20 -------------------- 2 files changed, 9 insertions(+), 21 deletions(-) diff --git a/source/ios/vault-management.rst b/source/ios/vault-management.rst index 2437c7e..dfc3878 100644 --- a/source/ios/vault-management.rst +++ b/source/ios/vault-management.rst @@ -33,4 +33,12 @@ If you choose the "Indefinite" option, your vault will be kept unlocked until yo Security Considerations -------------------------- -Refer to the :ref:`Secrets Management ` section to understand when and how your vault passwords are stored in the iOS Keychain. \ No newline at end of file +iOS will store a copy of your Vault passwords in the iOS Keychain for vaults that use ``Face ID`` or have the ``Unlock duration`` set to anything except ``Let iOS Decide Automatically``. + +Cryptomator stores vault passwords in the iOS Keychain with the `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly `_ attribute, which ensures: + +1. After a reboot, the copy of your vault passwords stored in the iOS Keychain are only available to use by the Cryptomator app after the first unlock using your device's passcode. +2. Vault passwords are not migrated to a new device when restoring an iOS device from a backup of a different iOS device. +3. Vault passwords aren't synced to iCloud. + +It should be obvious, but Cryptomator won't store a copy of your vault password in the iOS Keychain, for vaults that don't use ``Face ID`` and also have their ``Unlock duration`` set to ``Let iOS Decide Automatically``. \ No newline at end of file diff --git a/source/security/architecture.rst b/source/security/architecture.rst index da1a219..c606192 100644 --- a/source/security/architecture.rst +++ b/source/security/architecture.rst 
@@ -161,23 +161,3 @@ When unlocking a vault the KEK is used to unwrap (i.e. decrypt) the stored maste :alt: Masterkey Decryption :width: 440px :align: center - -‎ -‎ - -.. _security/architecture/secrets-management: - -Secrets Management ------------------------ - -``iOS``: iOS will store a copy of your vault password in the iOS Keychain only for vaults that use ``Face ID`` or have the ``Unlock duration`` set to anything except ``Let iOS Decide Automatically``. - -Cryptomator stores vault passwords in the iOS Keychain with the `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly `_ attribute, which ensures: - -1. After a reboot, the copy of your vault passwords stored in the iOS Keychain are only available to use by the Cryptomator app after the first unlock using your device's passcode. -2. Vault passwords are not migrated to a new device when restoring an iOS device from a backup of a different iOS device. -3. Vault passwords aren't synced to iCloud. - -It should be obvious, but Cryptomator won't store a copy of your vault password in the iOS Keychain, for vaults that don't use ``Face ID`` AND have their ``Unlock duration`` set to ``Let iOS Decide Automatically``. - -``Android, macOS, Linux, Windows``: Info to be added From 9e28981f34e9ee46ec82367122f7b585b44346ae Mon Sep 17 00:00:00 2001 From: Tobias Hagemann Date: Mon, 19 Aug 2024 15:44:27 +0200 Subject: [PATCH 4/4] updated ios/vault-management --- source/ios/vault-management.rst | 17 ++++++++++------- source/security/architecture.rst | 2 +- 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/source/ios/vault-management.rst b/source/ios/vault-management.rst index dfc3878..fcbeb0e 100644 --- a/source/ios/vault-management.rst +++ b/source/ios/vault-management.rst 
@@ -31,14 +31,17 @@ If you choose the "Indefinite" option, your vault will be kept unlocked until yo .. _ios/vault-management/security-considerations: Security Considerations --------------------------- +----------------------- -iOS will store a copy of your Vault passwords in the iOS Keychain for vaults that use ``Face ID`` or have the ``Unlock duration`` set to anything except ``Let iOS Decide Automatically``. +Cryptomator balances security and usability by storing certain credentials in the iOS Keychain to enable convenient features like biometric authentication and reduced password prompts. Here's how it works: -Cryptomator stores vault passwords in the iOS Keychain with the `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly `_ attribute, which ensures: +* Vault Passwords: Cryptomator stores a copy of your vault password in the iOS Keychain when Touch ID or Face ID is enabled. +* Masterkeys: Cryptomator stores a copy of the masterkey in the iOS Keychain for vaults with a specified "Unlock Duration" (anything except "Let iOS Decide Automatically"). -1. After a reboot, the copy of your vault passwords stored in the iOS Keychain are only available to use by the Cryptomator app after the first unlock using your device's passcode. -2. Vault passwords are not migrated to a new device when restoring an iOS device from a backup of a different iOS device. -3. Vault passwords aren't synced to iCloud. +These credentials are stored with the `kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly `_ attribute, ensuring: -It should be obvious, but Cryptomator won't store a copy of your vault password in the iOS Keychain, for vaults that don't use ``Face ID`` and also have their ``Unlock duration`` set to ``Let iOS Decide Automatically``. \ No newline at end of file +1. Keychain entries are only accessible after the first unlock using your device's passcode following a reboot. +2. Keychain entries are not transferred to a new device when restoring from a backup. +3. 
Keychain entries are not synchronized to iCloud. + +These measures are designed to provide a secure yet convenient experience on your trusted devices. If you prefer not to store these credentials in the Keychain due to security concerns, you can opt out of using these features. However, for most users, this balance between security and usability is appropriate and safe. diff --git a/source/security/architecture.rst b/source/security/architecture.rst index c606192..312fdfb 100644 --- a/source/security/architecture.rst +++ b/source/security/architecture.rst @@ -160,4 +160,4 @@ When unlocking a vault the KEK is used to unwrap (i.e. decrypt) the stored maste .. image:: ../img/security/masterkey-decryption@2x.png :alt: Masterkey Decryption :width: 440px - :align: center + :align: center \ No newline at end of file
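Review bot: In PATCH 1/4, hunk for source/ios/vault-management.rst, the cross-reference ``:ref:`Secrets Management ``` carries no target label as the hunk reads here; Sphinx needs the form ``:ref:`Secrets Management <security/architecture/secrets-management>``` (the label this same patch adds in architecture.rst) or the build will warn about an undefined reference. Two smaller points in the same hunk: the "Security Considerations" underline is 26 dashes for a 23-character title (harmless in RST but inconsistent with the rest of the file; PATCH 4/4 shortens it), and the file is written without a trailing newline, which shows up as "No newline at end of file" churn in every later patch that touches it.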
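Review bot: In PATCH 1/4, hunk for source/security/architecture.rst, the two lines that look blank after ``:align: center`` actually contain a U+200E left-to-right mark and should be deleted, since invisible characters in a docs source are easy to copy around and impossible to review. On content, the opening sentence names only ``Face ID`` as the trigger, but Touch ID devices behave the same way (PATCH 4/4 corrects this to "Touch ID or Face ID"), and the ``kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly`` hyperlink has no ``<URL>`` between the backticks as shown, so the link will not resolve. Item 1 also has a subject-verb mismatch ("the copy ... are only available" should be "is only available"), and the closing line "``Android, macOS, Linux, Windows``: Info to be added" is a placeholder that should not be merged into a published security page; either fill it in or leave those platforms unmentioned until the information exists.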
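Review bot: In PATCH 2/4, hunk for source/security/architecture.rst, the case changes are fine but they leave the grammar error in item 1 untouched ("the copy of your vault passwords ... are only available"); while you are editing that line, make it "the copy of your vault password ... is only available". The capitalised "AND" in the last paragraph reads as shouting; a plain "and" (as PATCH 3/4 later writes it) is clearer.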
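Review bot: In PATCH 3/4, hunk for source/ios/vault-management.rst, the moved text regresses two things PATCH 2/4 had just fixed: the first sentence is back to "Vault passwords" with a capital V (the rest of the section uses lower-case "vault password"), and the file again ends without a trailing newline. The word "only" was also dropped from "will store a copy ... only for vaults that use ``Face ID`` ...", which weakens the statement the section is trying to make, namely that these are the only two conditions under which a secret is written to the Keychain. Since the series also removes the ``security/architecture/secrets-management`` label in the matching architecture.rst hunk, please grep the docs for any other ``:ref:`` to that label before merging.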
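Review bot: In PATCH 4/4, hunk for source/ios/vault-management.rst, item 1 ("Keychain entries are only accessible after the first unlock using your device's passcode following a reboot") should spell out the other half of what ``kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly`` means: once the device has been unlocked after boot, the entry stays readable by the app until the next reboot, including while the device is subsequently locked. Readers may otherwise assume the entry is re-protected every time the screen locks, which is the behaviour of the stricter ``WhenUnlocked`` classes, not this one. The last paragraph tells users they "can opt out of using these features" without saying how; the two bullets above already give the answer, so state it: disable Touch ID / Face ID for the vault and set "Unlock Duration" to "Let iOS Decide Automatically". I would also drop the closing "appropriate and safe" judgement from a security page and let the described properties speak for themselves, keep the term consistent with the rest of the file ("Unlock duration" vs "Unlock Duration"), and fill in the ``<URL>`` of the ``kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly`` link, which is empty as the hunk reads here.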
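Review bot: In PATCH 4/4, hunk for source/security/architecture.rst, the only change is removing the trailing newline again (index c606192..312fdfb), which returns the file to exactly the blob the series started from. Across the four patches architecture.rst is therefore a net no-op; consider squashing the series so the reviewed diff touches only source/ios/vault-management.rst, and if architecture.rst is touched at all, keep the trailing newline rather than reintroducing "No newline at end of file".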