Users start a new iMessage conversation by entering an address or name. If they enter
a phone number or email address, the device contacts the IDS to retrieve the public
keys and APNs addresses for all of the devices associated with the addressee. If the
user enters a name, the device first utilizes the user’s Contacts app to gather the phone
numbers and email addresses associated with that name, then gets the public keys
and APNs addresses from the IDS.

The user’s outgoing message is individually encrypted for each of the receiver’s
devices. The public RSA encryption keys of the receiving devices are retrieved from IDS.
For each receiving device, the sending device generates a random 128-bit key and
encrypts the message with it using AES in CTR mode. This per-message AES key is
encrypted using RSA-OAEP to the public key of the receiving device. The combination
of the encrypted message text and the encrypted message key is then hashed with
SHA-1, and the hash is signed with ECDSA using the sending device’s private signing
key. The resulting messages, one for each receiving device, consist of the encrypted
message text, the encrypted message key, and the sender’s digital signature. They are
then dispatched to the APNs for delivery. Metadata, such as the timestamp and APNs
routing information, is not encrypted. Communication with APNs is encrypted using a
forward-secret TLS channel.