What is applekeystored?

applekeystored is a security process that manages keys on your Mac.

What is applekeystored?

applekeystored manages the cryptographic keys stored in the Secure Enclave, the dedicated security chip in your Mac. Unlike the Keychain (managed by securityd), which stores passwords and certificates on disk, applekeystored handles keys that never leave the hardware security chip.

What is the Secure Enclave?

The Secure Enclave is a security processor built into your Mac's chip, kept separate from the rest of the system. It stores sensitive cryptographic keys in a way that makes them impossible to pull out, even if the rest of your Mac is broken into. applekeystored is the software link to this hardware.

What keys does it manage?

The Secure Enclave stores keys for:

• Touch ID: the fingerprint data and sign-in keys
• Apple Pay: payment card cryptographic keys
• FileVault: disk encryption keys
• Passkeys: the private keys for passwordless sign-in
• Secure boot: keys that check the boot process is genuine
• Data Protection: per-file encryption keys

How is it different from securityd?

securityd manages the software Keychain, which holds passwords, certificates, and keys stored on disk (encrypted). applekeystored manages keys that are bound to the Secure Enclave hardware and cannot be exported or copied, even by the operating system itself.

Does it use many resources?

No. It handles cryptographic tasks on demand, and the real processing happens in the Secure Enclave hardware.

Should you worry?

No. It is a vital security process that protects your most sensitive cryptographic material in hardware. This is one of the reasons Macs with Secure Enclave chips are much more secure than older models.

Enjoyed this post?

Well, you could share the post with others, follow me with RSS Feeds and/or send me a comment via email.

Tags