Apple doesn't even have the encryption keys for iCloud Keychain. They've taken a very hardcore secure approach to this that is explicitly designed for "adversarial clouds". This isn't true for all iCloud data, but the most sensitive stuff like keychain and health data use end-to-end encryption.[1]
What's impressive is they've implemented a backup solution for this that still retains end-to-end encryption. They use HSMs to encrypt a keychain "escrow" backup using your device passcode. The HSMs protect against brute forcing and Apple has no way to bypass -- they literally put the firmware administration keys in a blender.[2] It's pretty cool.
What's impressive is they've implemented a backup solution for this that still retains end-to-end encryption. They use HSMs to encrypt a keychain "escrow" backup using your device passcode. The HSMs protect against brute forcing and Apple has no way to bypass -- they literally put the firmware administration keys in a blender.[2] It's pretty cool.
[1] https://www.apple.com/business/docs/iOS_Security_Guide.pdf
[2] https://www.youtube.com/watch?v=BLGFriOKz6U&feature=youtu.be...