Is the process for generating a CSR using a SecKey documented anywhere? Creating SecKeys backed by the Secure Enclave seems easy enough, just like you said. However, none of the APIs in Security framework are obviously useful for generating a CSR I can sign externally and re-import like this thread originally describes.
doughbree
Users receive reputation points by contributing quality content to the forums.
Posts include post and replies published on the forums.
Post authors can mark replies as Accepted to indicate successful solutions.
Apple Developer Forums admins can mark replies as Apple Recommended to indicate an approved solution