Post | Replies | Boosts | Views | Activity

Secure Enclave and kSecAttrKeySizeInBits 384
Hello! The documentation says that the SE stores only 256-bit elliptic curve private keys at: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/storing_keys_in_the_secure_enclave

However, I'm a bit baffled, because if I generate keys with kSecAttrKeyType kSecAttrKeyTypeEC, kSecAttrKeySizeInBits 384 and kSecAttrTokenID kSecAttrTokenIDSecureEnclave, the call is successful. I get a private key that I can also query with SecItemCopyMatching. I can also sign data with SecKeyCreateSignature using the SecKeyAlgorithm.ecdsaSignatureMessageX962SHA384 algorithm and verify the signature with SecKeyVerifySignature. SecKeyIsAlgorithmSupported also returns ok.

So my question is this: What really happens? Are 384-bit keys supported by the Secure Enclave? Does the key generation fail silently and use the regular keychain? Does it somehow still use 256-bit keys in the Secure Enclave even though 384 is specified?
Replies: 1 | Boosts: 0 | Views: 452 | Activity: Nov ’21
One FaceID for multiple operations in a short while
Hi, is this possible? I would like to:

- Store a biometrically secured key in the Secure Enclave.
- Do multiple cryptographic operations using that key in a short period of time (say 5 seconds), not all at once.
- Only do one FaceID for that set.

For the time being I've only gotten either multiple flashing FaceID requests or the operations failing. Is it possible to set a time limit in which the first FaceID authentication is accepted? Should I do something else? Thanks!
Replies: 4 | Boosts: 0 | Views: 764 | Activity: May ’24