1.11. How data is encrypted¶
The Password Vault on the phone is a securely protected container and all the data is encrypted with AES-256 encryption algorithms. Encryption keys are stored in the phone’s local KeyChain and are not transmitted to the cloud. The phone’s KeyChain is highly protected storage (which even the FBI has trouble accessing). Only the owner of the container can access the contents of the vault after entering a PIN code or Touch ID.
If the owner forgets the PIN code, access to the vault will be impossible and no one will be able to access it, including Apple support and KeyReel developers. The encryption key is stored on the phone and the phone only. The only way to restore the encrypted passwords in this case is by using a backup key configured during installation.