Hi, I want to know the difference between private keys generated using the CryptoKit framework and normal key pair generation.

The CryptoKit framework documentation link is https://developer.apple.com/documentation/cryptokit/performing_common_cryptographic_operations

The normal key pair generation link is https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/generating_new_cryptographic_keys

In both cases I am creating keys of type P256. The sample code for both is given below.

    import CryptoKit
    import Foundation
    import Security

    // Private key using the CryptoKit framework
    let signinKey = P256.Signing.PrivateKey()

    // Private key using normal key pair generation
    let attributes: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrLabel as String: "test",
            // Every key is bridged to String so the literal has a single key type.
            kSecAttrAccessible as String: kSecAttrAccessibleWhenUnlocked,
            kSecUseDataProtectionKeychain as String: true,
            // The application tag attribute is documented as Data, not String.
            kSecAttrApplicationTag as String: Data("com.mydomian.uniqueTag".utf8)
        ] as [String: Any]
    ]
    var error: Unmanaged<CFError>?
    guard let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }

Thanks in advance for the help.
Post not yet marked as solved
Hi, I am getting an error while storing keys in the Keychain using CryptoKit. The error details I am getting:

    -34018
    Playground execution terminated: An error was thrown and was not caught:
    ▿ Unable to store item:
      - message : "Unable to store item:"

The Swift code I am using is given below.

    import Cocoa
    import Foundation
    import CryptoKit
    import Security

    /// An error we can throw when something goes wrong.
    struct KeyStoreError: Error, CustomStringConvertible {
        var message: String

        init(_ message: String) {
            self.message = message
        }

        public var description: String {
            return message
        }
    }

    /*
    extension OSStatus {
        /// A human readable message for the status.
        var message: String {
            return (SecCopyErrorMessageString(self, nil) as String?) ?? String(self)
        }
    }
    */

    /// The interface needed for SecKey conversion.
    protocol SecKeyConvertible: CustomStringConvertible {
        /// Creates a key from an X9.63 representation.
        init<Bytes>(x963Representation: Bytes) throws where Bytes: ContiguousBytes

        /// An X9.63 representation of the key.
        var x963Representation: Data { get }
    }

    extension SecKeyConvertible {
        /// A string version of the key for visual inspection.
        /// IMPORTANT: Never log the actual key data.
        public var description: String {
            return self.x963Representation.withUnsafeBytes { bytes in
                return "Key representation contains \(bytes.count) bytes."
            }
        }
    }

    // Assert that the NIST keys are convertible.
    extension P256.Signing.PrivateKey: SecKeyConvertible {}
    extension P256.KeyAgreement.PrivateKey: SecKeyConvertible {}

    let keyValue = P256.Signing.PrivateKey()

    func storeKey<T: SecKeyConvertible>(_ key: T, label: String) throws {
        // Describe the key.
        let attributes = [kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
                          kSecAttrKeyClass: kSecAttrKeyClassPrivate] as [String: Any]

        // Get a SecKey representation.
        guard let secKey = SecKeyCreateWithData(key.x963Representation as CFData,
                                                attributes as CFDictionary,
                                                nil) else {
            throw KeyStoreError("Unable to create SecKey representation.")
        }

        // Describe the add operation.
        let query = [kSecClass: kSecClassKey,
                     kSecAttrApplicationLabel: label,
                     kSecAttrAccessible: kSecAttrAccessibleWhenUnlocked,
                     kSecUseDataProtectionKeychain: true,
                     kSecValueRef: secKey] as [String: Any]

        // Add the key to the keychain.
        let status = SecItemAdd(query as CFDictionary, nil)
        guard status == errSecSuccess else {
            throw KeyStoreError("Unable to store item:")
        }
    }

    // storeKey throws, so the call must be marked with try.
    try storeKey(keyValue, label: "test.sample.com")

Can anyone please help? Thanks in advance.
Post not yet marked as solved
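How the two key types in the posts above relate, as an added example (not part of the original posts and not Apple's sample code): a CryptoKit `P256.Signing.PrivateKey` is an in-memory value, and its X9.63 bytes can be wrapped as a `SecKey` with `SecKeyCreateWithData` without writing anything to the keychain. The function names `makeSecKey` and `crossCheck` and the sample message are assumptions made for this example.

```swift
import CryptoKit
import Foundation
import Security

/// Wraps a CryptoKit P-256 private key as a SecKey. Nothing is stored in the keychain.
/// (Hypothetical helper name, used only in this example.)
func makeSecKey(from key: P256.Signing.PrivateKey) throws -> SecKey {
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeyClass as String: kSecAttrKeyClassPrivate
    ]
    var error: Unmanaged<CFError>?
    guard let secKey = SecKeyCreateWithData(key.x963Representation as CFData,
                                            attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return secKey
}

/// Signs with the Security framework and verifies with CryptoKit.
/// Returns true when both APIs agree on the public key and the signature verifies.
func crossCheck() throws -> Bool {
    let cryptoKitKey = P256.Signing.PrivateKey()        // in-memory key
    let secKey = try makeSecKey(from: cryptoKitKey)     // same key material as a SecKey
    let message = Data("constructed sample message".utf8)

    // Both APIs should export the same uncompressed X9.63 public key (04 || X || Y).
    guard let secPublic = SecKeyCopyPublicKey(secKey) else { return false }
    var error: Unmanaged<CFError>?
    guard let exported = SecKeyCopyExternalRepresentation(secPublic, &error) as Data? else {
        throw error!.takeRetainedValue() as Error
    }
    let sameKey = (exported == cryptoKitKey.publicKey.x963Representation)

    // SecKey produces a DER-encoded ECDSA signature over SHA-256 of the message.
    guard let der = SecKeyCreateSignature(secKey, .ecdsaSignatureMessageX962SHA256,
                                          message as CFData, &error) as Data? else {
        throw error!.takeRetainedValue() as Error
    }
    // CryptoKit parses the DER signature and hashes the message with SHA-256 itself.
    let signature = try P256.Signing.ECDSASignature(derRepresentation: der)
    return sameKey && cryptoKitKey.publicKey.isValidSignature(signature, for: message)
}

print((try? crossCheck()) ?? false)
```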
Mac application files with extension .app and .ipa will be signed using the key stored in an HSM (not in the Secure Enclave). How will the Apple CryptoKit framework help in the signing process?