I tried to clean my keychain because there are many certificates in it. When I opened the private key section, I found there are too many of the same key.
Can I delete them? I don't know what they are for. Help me please!
When a user first enables iMessage, your device creates two sets of private and public keys: one set for encrypting data, and one set for signing data (read: signing data is a secondary blurb of data that helps to verify that the encrypted text hasn't been modified after it was sent to the server.
With this type of encryption, the private keys are a form of a secret password, and one that only you can and should know. The public key is another password, but one that you can tell everybody about.) Rather than barging into Keychain without notice, Mail is asking permission.
The public encryption keys and signing keys of the receiving devices are retrieved from IDS. For each receiving device, the sending device generates a random 88-bit value and uses it as an HMAC-SHA256 key to construct a 40-bit value derived from the sender and receiver public key and the plaintext.
Messages sent via iMessage can include photos, videos, and other information. We designed iMessage to use end-to-end encryption, so there's no way for Apple to decrypt the content of your conversations when they are in transit between devices.
It is normal and OK. If you want to clean up useless keys, just quit the Messages app first, then open Keychain and delete all items named "iMessage Signing Key" and "iMessage Encryption Key". Then you should restart OS X; after rebooting, OS X will request and generate new key pairs for iMessage encryption.
The number of key pairs depends on how many addresses you set to receive iMessage. Open "Messages" -> "Preferences" -> "Accounts" and look under the "You can be reached for messages at:" section. If you checked 4 addresses, OS X will generate 4 "iMessage Signing Key" and 4 "iMessage Encryption Key" items and store them in Keychain.
In detail, the iMessage system generates two key pairs for each address: an RSA 1280-bit key for encryption called "iMessage Encryption Key" and an ECDSA 256-bit key for signing called "iMessage Signing Key". The private keys are saved in the device’s Keychain and the public keys are sent to Apple’s directory service. The user’s outgoing message is individually encrypted using AES in CTR mode for each of the recipient’s devices, signed using the sender’s private key, and then dispatched to the Apple iMessage Service for delivery. You can check this out in the iOS Security Guide. BTW, on OS X, this is done by /System/Library/PrivateFrameworks/MessageProtection.framework.
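The per-device key construction quoted earlier on this page (a random 88-bit value used as an HMAC-SHA256 key to produce a 40-bit value), as an added Python example that is not from the original thread or from Apple. Per Apple's security documentation the two values are concatenated into the 128-bit AES-CTR message key and the receiver uses the 40-bit part to check the decrypted plaintext; the field encoding, the choice of the first 40 bits of the HMAC output, and all names and sample values are assumptions, and the AES and RSA steps are left out.

```python
import hashlib
import hmac
import secrets

SEED_LEN = 11  # 88-bit random value, generated per receiving device
TAG_LEN = 5    # 40-bit value taken from the HMAC-SHA256 output


def hmac_input(sender_pub: bytes, receiver_pub: bytes, plaintext: bytes) -> bytes:
    # Assumed encoding: length-prefix each field so field boundaries are unambiguous.
    return b"".join(len(p).to_bytes(4, "big") + p
                    for p in (sender_pub, receiver_pub, plaintext))


def derive_message_key(sender_pub, receiver_pub, plaintext, seed=None) -> bytes:
    """Sender side: return the 16-byte key (88-bit seed || 40-bit HMAC value)."""
    seed = secrets.token_bytes(SEED_LEN) if seed is None else seed
    if len(seed) != SEED_LEN:
        raise ValueError("seed must be 88 bits (11 bytes)")
    mac = hmac.new(seed, hmac_input(sender_pub, receiver_pub, plaintext),
                   hashlib.sha256).digest()
    return seed + mac[:TAG_LEN]  # assumption: the first 40 bits are kept


def verify_message_key(key, sender_pub, receiver_pub, plaintext) -> bool:
    """Receiver side: after decrypting, recompute the 40-bit value and compare."""
    if len(key) != SEED_LEN + TAG_LEN:
        return False
    seed, tag = key[:SEED_LEN], key[SEED_LEN:]
    expected = derive_message_key(sender_pub, receiver_pub, plaintext, seed)[SEED_LEN:]
    return hmac.compare_digest(tag, expected)  # constant-time comparison


if __name__ == "__main__":
    # Constructed placeholder values, not real public keys.
    alice, bob, eve = b"alice-public-key", b"bob-public-key", b"eve-public-key"
    msg = b"lunch at noon?"
    key = derive_message_key(alice, bob, msg)
    print(len(key) * 8, "bit key")                            # 128
    print(verify_message_key(key, alice, bob, msg))           # genuine message
    print(verify_message_key(key, alice, bob, b"lunch at 1pm?"))  # altered plaintext
    print(verify_message_key(key, eve, bob, msg))             # different sender key
```

Because the key itself commits to both public keys and the plaintext, a ciphertext that decrypts to different plaintext, or that is re-attributed to another sender key, fails the receiver's check.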