Comment Re:If you can't crack the password, then don't. (Score 2) 146
The user is happily using their iWhatever. The government sends a Nation Security letter to Apple forcing them to put a backdoor into the phone of the target, such that this app can read whatever data it wants on the phone.
It's impossible to cut a hardware vendor out of the trust system, unless you audit the hardware of your device. But set this aside.
This won't work because apps never see your password or have access to the decryption keys. The CPU itself doesn't have access to the decryption keys and doesn't even do the crypto algorithms. When the CPU needs to access some data that's encrypted in memory or on the Flash drive, it tells the secure enclave and writes the data to its input. The enclave then decrypts the data, with keys it keeps in its own non-volatile storage, and writes the decrypted data back to the CPU. In the case of the fulll-disk encryption or the fingerprint encryption, at no time do any keys pass into the CPU, let alone get written to RAM. The CPU can order the enclave to create new keys or keypairs, it can enumerate and name them, and associate them with metadata outside the enclave, but it can't actually read the keys themselves.