Hey @eskimo, I've read a bunch of your other answers on security-related questions here and you seem very knowledgeable about this stuff, so I was wondering if you have any thoughts on what's going on or how to fix it?
In the meantime, I've used the following approach but not sure if this is best practice or secure (ignoring 100% perfect syntax and error handling):
import CryptoKit
import Foundation
import Security

// Part 1: generate a Secure Enclave key and persist its dataRepresentation (an
// encrypted, device-bound blob) in the data-protection keychain as a generic
// password item, keyed by the account name `tagPrivateDeviceSigningKey`.
// `result` is the caller's completion callback that receives the public key.
func createDeviceSigningKey(result: (Data) -> Void) {
    do {
        let privateDeviceKey = try SecureEnclave.P256.Signing.PrivateKey()
        let pubKey = privateDeviceKey.publicKey.rawRepresentation
        let query = [kSecClass: kSecClassGenericPassword,
                     kSecAttrAccount: tagPrivateDeviceSigningKey,
                     kSecAttrAccessible: kSecAttrAccessibleWhenUnlocked,
                     kSecUseDataProtectionKeychain: true,
                     kSecValueData: privateDeviceKey.dataRepresentation] as [String: Any]
        // Add the key data. SecItemAdd does not throw; failures such as
        // errSecDuplicateItem are only reported through the returned status.
        let status = SecItemAdd(query as CFDictionary, nil)
        guard status == errSecSuccess else {
            throw NSError(domain: NSOSStatusErrorDomain, code: Int(status))
        }
        result(pubKey)
    } catch {
        ...
    }
}
...
// Part 2: read the stored representation back, rebuild the key handle and sign.
// Returns nil when no item is stored or the keychain lookup fails.
func signWithDeviceSigningKey<D: Digest>(_ digest: D) throws -> Data? {
    let query = [kSecClass: kSecClassGenericPassword,
                 kSecAttrAccount: tagPrivateDeviceSigningKey,
                 kSecAttrAccessible: kSecAttrAccessibleWhenUnlocked,
                 kSecUseDataProtectionKeychain: true,
                 kSecReturnData: true] as [String: Any]
    // Find and cast the result as data (kSecMatchLimit defaults to one item).
    let deviceSigningKeyData: Data
    var item: CFTypeRef?
    switch SecItemCopyMatching(query as CFDictionary, &item) {
    case errSecSuccess:
        guard let data = item as? Data else { return nil }
        deviceSigningKeyData = data
    case errSecItemNotFound:
        return nil            // no key has been created on this device yet
    default:
        return nil            // any other keychain error
    }
    let secDeviceSigningKey = try SecureEnclave.P256.Signing.PrivateKey(dataRepresentation: deviceSigningKeyData)
    let signature = try secDeviceSigningKey.signature(for: digest).rawRepresentation
    return signature
}
Thoughts?
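The post above stores the Secure Enclave key's dataRepresentation in the keychain and signs a digest with the recreated handle, but does not show the two halves a practitioner would want to check alongside it: how the key's use is gated by an access-control policy, and how a relying party that only ever saw the 64-byte raw public key verifies the resulting signature. The following Swift is an added example written for this page, not the poster's code or Apple sample code. The names `DeviceKeyError`, `makeDeviceKey`, `sign` and `verifierAccepts`, and the challenge string, are assumptions made here for illustration; the CryptoKit and Security calls are the real ones. It runs only on hardware with a Secure Enclave.

```swift
import CryptoKit
import Foundation
import Security

// Hypothetical error type for this example.
enum DeviceKeyError: Error {
    case noSecureEnclave
    case accessControl(CFError?)
}

// Generate a Secure Enclave signing key whose private-key operations require the
// device to be unlocked and the user to be present (passcode or biometry).
// kSecAttrAccessibleWhenUnlockedThisDeviceOnly: the dataRepresentation can only
// ever be unwrapped by this device's Secure Enclave, so keep it out of backups
// and keychain sync, where a copy could never be used anyway.
func makeDeviceKey() throws -> SecureEnclave.P256.Signing.PrivateKey {
    guard SecureEnclave.isAvailable else { throw DeviceKeyError.noSecureEnclave }
    var cfError: Unmanaged<CFError>?
    guard let accessControl = SecAccessControlCreateWithFlags(
        nil,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        [.privateKeyUsage, .userPresence],
        &cfError
    ) else {
        throw DeviceKeyError.accessControl(cfError?.takeRetainedValue())
    }
    return try SecureEnclave.P256.Signing.PrivateKey(accessControl: accessControl)
}

// Device side: hash the message and let the Secure Enclave sign the 32-byte digest.
// The 64-byte raw ECDSA signature (r || s) is what goes over the wire.
func sign(_ message: Data, with key: SecureEnclave.P256.Signing.PrivateKey) throws -> Data {
    try key.signature(for: SHA256.hash(data: message)).rawRepresentation
}

// Relying-party side: it holds only the raw public key (X || Y, 64 bytes) that the
// device exported at enrollment, and must recompute the digest itself.
func verifierAccepts(publicKeyRaw: Data, message: Data, signatureRaw: Data) -> Bool {
    guard let publicKey = try? P256.Signing.PublicKey(rawRepresentation: publicKeyRaw),
          let signature = try? P256.Signing.ECDSASignature(rawRepresentation: signatureRaw) else {
        return false
    }
    return publicKey.isValidSignature(signature, for: SHA256.hash(data: message))
}

// Round trip on a constructed challenge (constructed test data, not from any real system).
let key = try makeDeviceKey()
let enrolledPublicKey = key.publicKey.rawRepresentation
let challenge = Data("challenge-1234".utf8)
let signature = try sign(challenge, with: key)
assert(verifierAccepts(publicKeyRaw: enrolledPublicKey, message: challenge, signatureRaw: signature))
assert(!verifierAccepts(publicKeyRaw: enrolledPublicKey, message: Data("tampered".utf8), signatureRaw: signature))
```

Persisting `key.dataRepresentation` in a generic-password item, as in the post, is compatible with this: the blob is a wrapped key that only the originating Secure Enclave can unwrap, so the keychain entry protects availability and the access-control flags above protect use. Swap `.userPresence` for `.biometryCurrentSet` if a re-enrolled fingerprint or face should invalidate the key.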