Posts

Post not yet marked as solved
3 Replies
The items are written to the older macOS filesystem keychain, not the data protection keychain. LAContext is being used as a user presence check, unrelated to protection of the keychain items. The XPC service is vended by a launch agent. While we're trying to wrap it inside a bundle, it won't be contained within an application. The bundle is intended to get an app icon to show on the LAContext-driven system dialog, nothing more.
Post not yet marked as solved
7 Replies
Why are you trying to do this?

I'm trying to do something similar. My ultimate goal is to interface the C-level SecKey API with some Go code, but I'm trying to validate that I'm doing things correctly by round-tripping some simple sign and verify tasks with CryptoKit and Secure Enclave keys.

You seem to be mixing CryptoKit and the older SecKey API, which can be done but it’s a little weird. What would it look like?

I'm getting the dataRepresentation from a SecureEnclave.P256.Signing.PrivateKey, then trying to recreate it for use by the SecKey APIs with this:

```c
bool verify(const UInt8 *privateKey, size_t privateKeyLength, const UInt8 *data, size_t dataLength, const UInt8 *signature, size_t signatureLength) {
    CFDataRef keyData = CFDataCreate(NULL, privateKey, privateKeyLength);
    void *attributeKeys[] = {
        (void *)kSecAttrKeyType,
        (void *)kSecAttrKeyClass,
        (void *)kSecAttrTokenID
    };
    void *attributeValues[] = {
        (void *)kSecAttrKeyTypeEC,
        (void *)kSecAttrKeyClassPrivate,
        (void *)kSecAttrTokenIDSecureEnclave
    };
    CFDictionaryRef attributes = CFDictionaryCreate(NULL, (const void **)attributeKeys, (const void **)attributeValues, sizeof(attributeKeys) / sizeof(attributeKeys[0]), NULL, NULL);
    CFErrorRef error;
    SecKeyRef privateKeyRef = SecKeyCreateWithData(keyData, attributes, &error);
    // ...
}
```

This "works" insofar as I am not getting any errors, but signature validation always fails.
Post not yet marked as solved
4 Replies
I'm seeing this exact behavior with the latest Xcode that was released today, 11.3.1. Have you learned anything these past few months?

The only non-system frameworks I link with are Sentry and a simple one for logging.
Post not yet marked as solved
4 Replies
Following my usual pattern of figuring things out soon after posting a question publicly, I discovered a few things this afternoon.

There is an environment variable set when Xcode runs a build for previews: ENABLE_PREVIEWS = YES. This doesn't help my question above, but it does let me skip my SwiftLint build phase. I've long had issues with the use of @IBDesignables in a storyboard and SwiftLint rewriting files (through the autocorrect feature) fighting over a file's "newness" and getting lots of pop-ups about reverting or keeping Xcode's version. I don't know yet if this environment variable will help with that.

To my original question, yes, Xcode does indeed set an environment variable in the process when it's running code for the purpose of generating a preview: XCODE_RUNNING_FOR_PREVIEWS = 1.

I'm still getting a blank preview canvas after setting up a different managed object context and seeding it with some data. If I don't reference the objects in the SwiftUI view (by instead using static text), I'll see things. I'll update this thread again when I figure more out.

(Also, since neither of those environment variables is documented anywhere, it's safe to say that this could change anytime.)