Introduction
Introduction and high-level context coming soon.
Technical Reference
High-Level Overview
Coming soon.
Backup Composition
- The is a collection of raw files stored locally on the device only. The structure of the is described in the Backup Composition & Sync section.
- The user encrypts the with a that’s randomly generated by World App.
- The user then encrypts the with each Factor Secret, creating . After the is encrypted with each Factor Secret, the user discards the secret key of the , and stores the public key (which is used to encrypt new versions of the to Sync the backup).
- All the s are stored in the .
The reason for the layer is that when adding a new , the factor can be added without having to create a new . If Factor Secrets were used directly, versions of the would need to be stored.
Factor Secrets
Main Factors are able to derive or store Factor Secrets. A Factor Secret is a key that is used to encrypt the . When decrypting the , the is decrypted first with the Factor Secret and then the Sealed Backup to retrieve the raw files. Each derives its Factor Secret this way:
- For Passkeys, the Factor Secret is a PRF extension key which allows deriving a deterministic symmetric key.
- For OIDC, the Factor Secret is a random 32 byte sequence that is generated in the user’s World App and then stored inside Turnkey’s Secure Enclaves as a Private Key. On recovery, the Secure Enclave provably authenticates the user before providing the secret.
- For iCloud Keychain, a P-256 keypair is generated by the Security framework on iOS and stored in the keychain. The private key is used as a secret to encrypt the .
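The layering described under Backup Composition and the recovery order described under Factor Secrets, as an added example that is not World App's code. X25519, HKDF-SHA256 and AES-256-GCM are stand-in primitives chosen here, the Factor Secrets are constructed random values, and every function name is hypothetical. It shows that adding a factor only re-wraps the keypair's secret key, and that Sync needs only the stored public key.

```javascript
// Added example. X25519 + HKDF-SHA256 + AES-256-GCM are stand-ins chosen here,
// not the primitives World App uses; all names are hypothetical.
const crypto = require("node:crypto");
// AES-256-GCM; blob layout is iv(12) || tag(16) || ciphertext.
function aeadSeal(key, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const ct = Buffer.concat([c.update(plaintext), c.final()]);
  return Buffer.concat([iv, c.getAuthTag(), ct]);
}
function aeadOpen(key, blob) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, blob.subarray(0, 12));
  d.setAuthTag(blob.subarray(12, 28));
  return Buffer.concat([d.update(blob.subarray(28)), d.final()]); // throws if key is wrong
}
// Content key from an ECDH shared secret between an ephemeral key and the backup key.
function contentKey(privateKey, publicKey) {
  const shared = crypto.diffieHellman({ privateKey, publicKey });
  return Buffer.from(crypto.hkdfSync("sha256", shared, Buffer.alloc(0), "backup-demo", 32));
}
// Sealing needs only the stored public key, so Sync never touches a Factor Secret.
function sealBackup(backupPublicKey, files) {
  const eph = crypto.generateKeyPairSync("x25519");
  const ephPub = eph.publicKey.export({ type: "spki", format: "der" });
  return { ephPub, box: aeadSeal(contentKey(eph.privateKey, backupPublicKey), files) };
}
// Adding a factor re-wraps the small secret key; the sealed backup is not re-encrypted.
function addFactor(knownSecret, knownWrapped, newSecret) {
  return aeadSeal(newSecret, aeadOpen(knownSecret, knownWrapped));
}
// Recovery order from the page: Factor Secret first, then the Sealed Backup.
function recover(factorSecret, wrapped, sealed) {
  const priv = crypto.createPrivateKey({ key: aeadOpen(factorSecret, wrapped), format: "der", type: "pkcs8" });
  const ephPub = crypto.createPublicKey({ key: sealed.ephPub, format: "der", type: "spki" });
  return aeadOpen(contentKey(priv, ephPub), sealed.box).toString();
}
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync("x25519");
  const passkey = crypto.randomBytes(32), oidc = crypto.randomBytes(32); // constructed secrets
  // One wrapped copy of the backup secret key per 32-byte Factor Secret.
  const wrapped = { passkey: aeadSeal(passkey, privateKey.export({ type: "pkcs8", format: "der" })) };
  // privateKey is discarded here; only publicKey and the wrapped copies are kept.
  const sealed = sealBackup(publicKey, Buffer.from("files v1"));
  wrapped.oidc = addFactor(passkey, wrapped.passkey, oidc);
  const synced = sealBackup(publicKey, Buffer.from("files v2"));
  return { viaOidc: recover(oidc, wrapped.oidc, sealed), viaPasskey: recover(passkey, wrapped.passkey, synced) };
}
```

Calling `demo()` recovers the first version through the factor that was added later and the synced version through the original factor, without either sealed backup being re-encrypted.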
Backup Metadata
The is a plain-text file that is stored in the backup service. It generally contains the following information (see source code for most up-to-date information):
- The ID of the backup
- The list of .
- The list of s.
- The list of s.