I have generated a ECSECPrimeRandom key in the Secure Enclave that I use to encrypt and decrypt data (mainly strings) using the eciesEncryptionCofactorX963SHA256AESGCM algorithm.
I have specified the access control on this key to be [.privateKeyUsage, .userPresence], since I want to authenticate the user before using the private key.
The problem is that I sometimes want to "bulk" decrypt multiple encrypted Data items at once using this key. Under the current implementation, though, if I have n strings to decrypt at once, the user is prompted for authentication n times, which is quite cumbersome.
Is there a method I can use like SecKeyCreateDecryptedData, but for bulk decryption? Or is there a way I could tweak the .userPresence option to add a few seconds of grace period so that the user is only prompted once for authentication?
I think you can do this using one of the techniques below but, alas, I don’t have the time today to dig up the details. If these don’t work out, I recommend that you open a DTS tech support incident and that’ll give me the time to look into this properly.
One approach is to supply an LAContext (using kSecUseAuthenticationContext) when you get the item from the keychain. This context gets authenticated the first time you use it, and subsequent uses can reuse that authentication.
Another option is to get the key, then get its access object SecAccessControl, then evaluate that using evaluateAccessControl(_:operation:localizedReason:reply:).
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"
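Both techniques from the answer above, written out as an added Swift example (this is not Quinn's code and not from the original thread). The application tag, the 10-second Touch ID reuse window and the use of SecKeyCopyAttributes to obtain the key's SecAccessControl are assumptions; the key type, algorithm and access-control flags are the ones from the question.

```swift
import Foundation
import Security
import LocalAuthentication

// Hypothetical application tag; use the tag the key was generated with.
let bulkKeyTag = Data("com.example.bulk-decrypt".utf8)

enum BulkDecryptError: Error {
    case keyNotFound(OSStatus)
    case noAccessControl
    case decryptFailed(index: Int, underlying: Error?)
}

/// Technique 1: hand the keychain an LAContext via kSecUseAuthenticationContext.
/// The returned SecKey is bound to that context, so the first private-key use
/// authenticates it and later uses with the same context do not prompt again.
func loadPrivateKey(using context: LAContext) throws -> SecKey {
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrApplicationTag as String: bulkKeyTag,
        kSecReturnRef as String: true,
        kSecUseAuthenticationContext as String: context,
    ]
    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let ref = item else {
        throw BulkDecryptError.keyNotFound(status)
    }
    return ref as! SecKey
}

/// Decrypts every ciphertext with one key. With a context-bound key the user
/// sees at most one prompt for the whole loop instead of one per item.
func decryptAll(_ ciphertexts: [Data], with key: SecKey) throws -> [Data] {
    var plaintexts: [Data] = []
    plaintexts.reserveCapacity(ciphertexts.count)
    for (index, ciphertext) in ciphertexts.enumerated() {
        var cfError: Unmanaged<CFError>?
        guard let plaintext = SecKeyCreateDecryptedData(
            key, .eciesEncryptionCofactorX963SHA256AESGCM, ciphertext as CFData, &cfError
        ) else {
            throw BulkDecryptError.decryptFailed(
                index: index, underlying: cfError?.takeRetainedValue() as Error?)
        }
        plaintexts.append(plaintext as Data)
    }
    return plaintexts
}

/// Technique 1 end to end. The 10-second reuse window is an example value and
/// only affects Touch ID; the shared context is what carries the authentication.
func bulkDecrypt(_ ciphertexts: [Data], reason: String) throws -> [Data] {
    let context = LAContext()
    context.localizedReason = reason
    context.touchIDAuthenticationAllowableReuseDuration = 10
    let key = try loadPrivateKey(using: context)
    return try decryptAll(ciphertexts, with: key)
}

/// Technique 2: authenticate the key's SecAccessControl explicitly with
/// evaluateAccessControl(_:operation:localizedReason:reply:), then decrypt with
/// the same context. Reading the ACL from SecKeyCopyAttributes is an assumption.
func authenticateThenBulkDecrypt(_ ciphertexts: [Data], reason: String,
                                 completion: @escaping (Result<[Data], Error>) -> Void) {
    let context = LAContext()
    let key: SecKey
    let accessControl: SecAccessControl
    do {
        key = try loadPrivateKey(using: context)
        guard let attrs = SecKeyCopyAttributes(key) as? [String: Any],
              let acl = attrs[kSecAttrAccessControl as String] else {
            throw BulkDecryptError.noAccessControl
        }
        accessControl = acl as! SecAccessControl
    } catch {
        completion(.failure(error))
        return
    }
    context.evaluateAccessControl(accessControl, operation: .useKeyDecrypt,
                                  localizedReason: reason) { success, error in
        guard success else {
            completion(.failure(error ?? BulkDecryptError.noAccessControl))
            return
        }
        completion(Result { try decryptAll(ciphertexts, with: key) })
    }
}
```

The part that matters in both variants is that one LAContext object stays alive for the whole batch and the SecKey was fetched through it; creating a fresh context (or fetching the key without one) for each item brings back the per-item prompt. SecKeyCreateDecryptedData blocks while the system prompt is showing, so call it off the main thread. The ECIES scheme used here decrypts each Data item independently, so a failure on one item does not affect the others; the example stops at the first failure and reports its index.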