Encryption Deep Dive
Our Encryption Model: The Secure Enclave
UltraLocked's security is built on your device's Secure Enclave, a dedicated, hardware-based security chip. Your encryption keys are generated, stored, and used entirely within this chip and can never be accessed by the main operating system, by UltraLocked, or by anyone else.
What is the Secure Enclave?
Think of the Secure Enclave as a separate, tiny, high-security computer inside your device's main processor. It has its own operating system and its own encrypted memory. Its only job is to handle cryptographic operations and keep secrets safe.
This is the same hardware that protects your most sensitive data, like your Face ID/Touch ID information and your Apple Pay credit card details. UltraLocked is built to leverage this same military-grade technology to protect your files.
How UltraLocked Uses the Secure Enclave
Our encryption model is designed so that we, the developers of UltraLocked, have zero ability to access your data.
- Key Generation: When you first set up the app, we ask the Secure Enclave to create a master Signing Key and a Key Agreement Key. These keys are generated inside the chip and are physically incapable of leaving it.
- File Encryption: When you add a file to your vault, a new, unique encryption key is generated for that specific file. This file key is then encrypted using a shared secret derived from the Key Agreement Key within the Secure Enclave.
- Authentication: The Signing Key is used to verify the integrity of your data and to authorize high-security operations, like a PIN reset.
The result is a multi-layered security system where your data is protected by keys that are themselves protected by unextractable hardware keys.
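The envelope scheme in the list above, sketched with Apple's CryptoKit as an added example; it is not UltraLocked's code. The page does not say what the Key Agreement Key agrees with, so this assumes a per-file ephemeral P-256 key, with HKDF-SHA256 and AES-GCM as assumed primitives; `SealedFile`, `wrappingKey`, `sealFile` and `openFile` are hypothetical names.

```swift
import CryptoKit
import Foundation

// Added illustration; type and function names are hypothetical, not UltraLocked's.
struct SealedFile {
    let ephemeralPublicKey: Data  // assumed peer for the key agreement, stored in the clear
    let wrappedFileKey: Data      // per-file key, AES-GCM sealed under the derived key
    let ciphertext: Data          // file contents, AES-GCM sealed under the per-file key
}

// Turn the ECDH shared secret into a 256-bit key-wrapping key (HKDF-SHA256, assumed).
func wrappingKey(from secret: SharedSecret, salt: Data) -> SymmetricKey {
    secret.hkdfDerivedSymmetricKey(using: SHA256.self, salt: salt,
                                   sharedInfo: Data("file-key-wrap".utf8),
                                   outputByteCount: 32)
}

// Encrypting needs only the PUBLIC half of the enclave key.
func sealFile(_ plaintext: Data, to vaultPublicKey: P256.KeyAgreement.PublicKey) throws -> SealedFile {
    let fileKey = SymmetricKey(size: .bits256)       // new, unique key for this file
    let ephemeral = P256.KeyAgreement.PrivateKey()   // discarded when this call returns
    let ephemeralPublic = ephemeral.publicKey.rawRepresentation
    let secret = try ephemeral.sharedSecretFromKeyAgreement(with: vaultPublicKey)
    let kek = wrappingKey(from: secret, salt: ephemeralPublic)
    let fileKeyBytes = fileKey.withUnsafeBytes { Data($0) }
    guard let wrapped = try AES.GCM.seal(fileKeyBytes, using: kek).combined,
          let body = try AES.GCM.seal(plaintext, using: fileKey).combined
    else { throw CryptoKitError.incorrectParameterSize }
    return SealedFile(ephemeralPublicKey: ephemeralPublic, wrappedFileKey: wrapped, ciphertext: body)
}

// Decrypting runs the ECDH step inside the Secure Enclave; only the result comes back.
func openFile(_ file: SealedFile,
              with vaultKey: SecureEnclave.P256.KeyAgreement.PrivateKey) throws -> Data {
    let peer = try P256.KeyAgreement.PublicKey(rawRepresentation: file.ephemeralPublicKey)
    let secret = try vaultKey.sharedSecretFromKeyAgreement(with: peer)
    let kek = wrappingKey(from: secret, salt: file.ephemeralPublicKey)
    let fileKeyBytes = try AES.GCM.open(AES.GCM.SealedBox(combined: file.wrappedFileKey), using: kek)
    return try AES.GCM.open(AES.GCM.SealedBox(combined: file.ciphertext),
                            using: SymmetricKey(data: fileKeyBytes))
}

// Round trip on constructed sample data; throws on hardware without a Secure Enclave.
let vaultKey = try SecureEnclave.P256.KeyAgreement.PrivateKey()
let sample = Data("constructed sample file".utf8)
let sealed = try sealFile(sample, to: vaultKey.publicKey)
let opened = try openFile(sealed, with: vaultKey)
precondition(opened == sample)
```

In this sketch only the P-256 private key stays in the enclave: the shared secret, the wrapping key and the unwrapped file key are held in application memory while a file is being opened.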
Zero-Knowledge Architecture
This hardware-based approach is the foundation of our zero-knowledge promise. Since your keys never leave the Secure Enclave on your device, and your files are never stored on our servers, it is technically and physically impossible for us to access, decrypt, or hand over your data to any third party.
Want to Learn More?
This is a simplified overview of a complex process. For a complete technical breakdown of our cryptographic model, including diagrams and code-level explanations, please read our full Security Whitepaper.