Legacy Contact security
If a user wants their data to be accessible to designated beneficiaries after their death, they can set up Legacy Contacts on their account. A Legacy Contact is established much like a Recovery Contact, except that the keying information used by a beneficiary doesn’t encompass the information necessary to decrypt the decedent’s iCloud Keychain. The key structure used is the same as for account recovery contact, except that in this case Apple stores the encrypted packet, and the beneficiary keeps the AES key. This allows the portion the beneficiary receives to be shorter—and thus easier to print out if necessary—while still providing the same property that neither part provides any information about the underlying key by itself.
The keying information a beneficiary receives is referred to as an access key in user-facing documentation. The access key is saved automatically on supported devices, but it can also be printed and stored offline for use. For more information, see the Apple support article How to add a Legacy Contact for your Apple ID.
After the user’s death, Legacy Contacts sign in to the Apple claim website to initiate access. This requires a death certificate and is authorized in part with the authorization secret mentioned in the previous section. After all the security checks are completed, Apple issues a user name and password for the new account and releases the necessary keying information to the Legacy Contact.
To more easily input the access key when needed, it’s presented as an alphanumeric code with an associated QR code. After it’s entered, access to the decedent’s iCloud data is restored. This can be performed on a device, or access can be established online. For more information, see the Apple Support article Request access to an Apple account as a Legacy Contact.