The “key server” does not in fact “generate public keys”. It distributes public keys. But you can’t decrypt a message with public keys - that’s kind of the point...
But after reading research from security experts you have found a citation where Apple is generating a key pair from its servers and sending the private key to the client?
> The “key server” does not in fact “generate public keys”.
That's the point. It should not, but the security model of iMessage allows the key server to get away with it, which is almost certainly happening in China right now. Try reading the article and following the example.
> But after reading research from security experts you have found a citation where Apple is generating a key pair from its servers and sending the private key to the client?
No, it sends the public key. Encrypting messages is done with the recipient's public key. Go read the Wikipedia article on asymmetric encryption. Because the owner of the keyserver can send its own public key, it can decrypt messages with its own private key before re-encrypting with the intended recipient's public key.
Again, if it Apple were in fact creating their own key pairs on their server and sending users the key pair, don’t you think someone would have discovered.
But since it’s in a Wikipedia article, I guess that kind of closes the case.
> [If] Apple were in fact creating their own key pairs on their server and sending users the key pair, don’t you think someone would have discovered.
You once again misunderstand the vulnerability. The vulnerability is that China does this because China controls the keyservers in China.
As far as anybody discovering this, that would be very difficult because Apple does not let you install your own apps on the device and would not approve an app designed to detect this.
But even more, why would they bother? People who care about their privacy will simply avoid closed source software and especially closed systems like Apple's instead of trying to use a known compromisable system safely.
>But since it’s in a Wikipedia article, I guess that kind of closes the case.
I was pointing you to a place where you could learn about cryptography because you seem not to understand the basic concepts. The Wikipedia article does not describe this particular vulnerability.
But after reading research from security experts you have found a citation where Apple is generating a key pair from its servers and sending the private key to the client?