When a backup is created, the cards establish a secure communication channel using the Diffie-Hellman key exchange protocol, and the keys are then transferred from one card to the other. This mechanism is fully protected against man-in-the-middle attacks because, as the first step, the cards authenticate each other with a two-way attestation, and the encryption uses a 256-bit key. This is a top-level encryption protocol, and the application cannot decrypt the keys under any circumstances.
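The exchange described above, as an added Node.js example that is not the vendor's code: each card signs its Diffie-Hellman share with an attestation key certified by a manufacturer root, and the app only relays messages. The primitives (X25519, Ed25519, HKDF-SHA256, AES-256-GCM), the root key and all function names are assumptions; the page specifies none of them.

```javascript
// Added example. Assumed primitives (the page names none beyond Diffie-Hellman and a
// 256-bit key): X25519, Ed25519 attestation, HKDF-SHA256, AES-256-GCM.
const { generateKeyPairSync, createPublicKey, sign, verify, diffieHellman,
        hkdfSync, randomBytes, createCipheriv, createDecipheriv } = require("crypto");

const spki = (k) => k.export({ type: "spki", format: "der" });
const load = (der) => createPublicKey({ key: der, type: "spki", format: "der" });

// Hypothetical manufacturer root key that certifies each card's attestation key.
const root = generateKeyPairSync("ed25519");

function makeCard() {
  const attest = generateKeyPairSync("ed25519"); // long-term key, stays on the card
  const cert = sign(null, spki(attest.publicKey), root.privateKey);
  return { attest, cert, eph: generateKeyPairSync("x25519") }; // eph: fresh per backup
}

// Message a card hands to the app for relay: attestation key, certificate, signed DH share.
function hello(card) {
  const dhPub = spki(card.eph.publicKey);
  return { attestPub: spki(card.attest.publicKey), cert: card.cert, dhPub,
           sig: sign(null, dhPub, card.attest.privateKey) };
}

// Check the peer's attestation, then derive the 256-bit session key.
// Returns null when either signature check fails.
function sessionKey(card, msg) {
  if (!verify(null, msg.attestPub, root.publicKey, msg.cert)) return null;
  if (!verify(null, msg.dhPub, load(msg.attestPub), msg.sig)) return null;
  const shared = diffieHellman({ privateKey: card.eph.privateKey, publicKey: load(msg.dhPub) });
  return Buffer.from(hkdfSync("sha256", shared, Buffer.alloc(0), "card-backup", 32));
}

// Encrypt the key material for transfer; the relaying app sees only { iv, ct, tag }.
function seal(key, plaintext) {
  const iv = randomBytes(12);
  const c = createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return { iv, ct, tag: c.getAuthTag() };
}

function open(key, { iv, ct, tag }) {
  const d = createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  return Buffer.concat([d.update(ct), d.final()]);
}
```

If the relay replaces `dhPub` in a message, `sessionKey` returns `null`, because the signature made with the card's attestation key no longer matches. The relay never holds either ephemeral private key, so it cannot derive the session key that `open` needs.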