Based on Apple:
The iCloud Backup keybag incorporates uneven (Curve25519) keys for Knowledge Safety
lessons that aren’t accessible when the gadget is locked. The backup set is saved within the
person’s iCloud account and consists of a duplicate of the person’s recordsdata and the iCloud Backup
keybag. The iCloud Backup keybag is protected by a random key, which can be saved with
the backup set. The person’s iCloud password isn’t used for encryption, so altering the
iCloud password gained’t invalidate current backups.
All the category keys in
this keybag are uneven (utilizing Curve25519, just like the Protected Except Open
Knowledge Safety class), so iCloud backups might be carried out within the background.
When recordsdata are created in Knowledge Safety lessons that aren’t accessible when
the gadget is locked, their per-file keys are encrypted utilizing the category keys
from the iCloud Backup keybag. Recordsdata are backed as much as iCloud of their authentic,
encrypted state. Recordsdata in Knowledge Safety class No Safety are encrypted
throughout transport.
I fail to spot how this permits iCloud backups within the background. When the gadget is locked it has loaded in reminiscence the category keys that should decrypt the per-file key and encrypt once more with the iCloud Backup keybag class keys. In my opinion that guidelines out that the uneven keybag will carry additional safety when encrypting.
