Keys adopts industry best practice to protect your data.
It uses AES-256 to encrypt the data. The key used to encrypt the data is derived from your provided master password by using PBKDF2 + SALT. Because of this, no one can decrypt the data unless the person has the master password. This also means if you forget your master password, there is no way to recover it. Your backups are also encrypted using the same mechanism as your data file.
Besides the strong encryption scheme, Keys also add some other security measures:
- On Mac, Keys will be locked automatically after 10 minutes inactivity.
- On iOS, Keys will be locked automatically after you exit the application.
- On both Mac and iOS, if you copy your password from Keys, it will be cleared from pasteboard after 3 minutes.
If you either use Keys's iCloud Sync or iCloud backup feature, your data will be also stored in iCloud. iCloud uses AES-128 (It's weaker than AES-256 used by Keys but still strong enough). You can check Apple's security doc for more details.