lopp on Nostr: The security of the Casa mobile key does not rely upon the encryption of Apple's ...
The security of the Casa mobile key does not rely upon the encryption of Apple's cloud product. Casa does not store the mobile key directly in iCloud, but rather stores an encrypted form of the mobile key. The decryption key for the encrypted mobile key is seucred in a Casa managed HSM. As such, even if a Casa client's iCloud account is completely taken over by a malicious entity, they can't access the mobile key without also successfully authenticating into the Casa account with which it is associated.
Published at
2025-02-22 11:53:07Event JSON
{
"id": "8c77a61301589674adca69e76a4c2803a47149f28a49b2f6230137dd9d4c89d1",
"pubkey": "f728d9e6e7048358e70930f5ca64b097770d989ccd86854fe618eda9c8a38106",
"created_at": 1740225187,
"kind": 1,
"tags": [
[
"e",
"02b3d5970202d1680539215bad434ef4b435e711fffe9ae612bc37d6b34e077f",
"",
"root"
],
[
"p",
"c761dc761dbe60d1879a9852bba96fee63eeab0d73911c55365c5ecf204949a2"
],
[
"p",
"f728d9e6e7048358e70930f5ca64b097770d989ccd86854fe618eda9c8a38106"
],
[
"p",
"d7f3a2d8b777433926e2395d3159892e8479e871a800e401f047fb08ad17f32b"
],
[
"p",
"aef0d6b212827f3ba1de6189613e6d4824f181f567b1205273c16895fdaf0b23"
],
[
"p",
"c9f62a0d99759f36ea0b7f8f218f2e14f6be5b6ba89284a97db1a46cd0a9a6a0"
]
],
"content": "The security of the Casa mobile key does not rely upon the encryption of Apple's cloud product. Casa does not store the mobile key directly in iCloud, but rather stores an encrypted form of the mobile key. The decryption key for the encrypted mobile key is seucred in a Casa managed HSM. As such, even if a Casa client's iCloud account is completely taken over by a malicious entity, they can't access the mobile key without also successfully authenticating into the Casa account with which it is associated.",
"sig": "8c693beb574f2a1efaaa581b367db2925eef47b5b4ecd9166e4cc01f9684359b1f0a5bb2ded7377013b9983399a079530a252ae525dd4a6cbcf907dc5746e56a"
}
