How & where does Canary store encryption keys?

How & where does Canary store encryption keys?

Canary offers two distinct methods for encryption, namely Auto & Manual Encryption mode.

If you already use PGP and would like to manage your own keys in Canary, you must use Manual mode. In this mode, all encryption keys, whether public or private, are always stored locally on device, in encrypted form, in an encrypted database.

In Manual mode, at no point are encryption keys uploaded to any server, whether you use existing keys, or generate new keys in-app.

In Auto mode (only available on Apple devices), key generation and management is handled automatically by the app to offer exceptional ease of use for inexperienced encryption users.

In Auto mode, public keys are uploaded to a public iCloud container, while your private keys are stored in encrypted form in your iCloud Keychain. This ensures that your private keys are synced securely to your own devices, via your own iCloud account.

At no point are private keys sent to Canary’s or any 3rd party server.

All aspects of Canary’s encryption technology, including key handling and storage, have been audited by a leading European cybersecurity company.