CryptoKit SecureEnclave and LAContext

Hi

I want to prompt for FaceID or TouchID before creating the private key in the Secure Enclave. And again when the key is recreated.

I might be misinterpreting the documentation, but I thought passing an LAContext instance to the authenticationContext parameter does this for you in both the create and recreate use cases.

For example:
```swift
import CryptoKit
import LocalAuthentication
import Security

let authContext = LAContext()
let accessControl = SecAccessControlCreateWithFlags(
    nil,
    kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    [.privateKeyUsage, .biometryCurrentSet],
    nil)!
// Create a new Secure Enclave key under that access control.
let key0 = try! SecureEnclave.P256.Signing.PrivateKey(
    accessControl: accessControl,
    authenticationContext: authContext)
// Recreate the same key from its persisted data representation.
let key1 = try! SecureEnclave.P256.Signing.PrivateKey(
    dataRepresentation: key0.dataRepresentation,
    authenticationContext: authContext)
```

I was expecting a biometry prompt to appear twice, on the create and on the recreate CryptoKit operations, but no authentication prompt appears on an iPhone X running 14.3 with Face ID enrolled and enabled. Same result in the simulator.

I've read a few articles, all suggesting the above code snippet is what you need to do, but I'm not seeing the desired result.

Appreciate any help with this 🙏

Accepted Reply

It appears that this is not a bug. SecAccessControl provides protection for crypto operations (decryption, signature) with a private key. Object creation and deletion are not protected.
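To show where the prompt actually lands, here is an added example (not code from the thread; the function names are hypothetical): the biometric prompt before key creation has to be requested explicitly through LAContext.evaluatePolicy, while the `.biometryCurrentSet` access control is enforced on the signing call, not on creation or recreation from `dataRepresentation`.

```swift
import CryptoKit
import LocalAuthentication
import Security

/// Access control matching the question: private-key use is gated by the
/// currently enrolled biometrics. Creation and recreation are not gated by this,
/// and a change of enrolment makes the key unusable.
func makeBiometricAccessControl() throws -> SecAccessControl {
    var error: Unmanaged<CFError>?
    guard let acl = SecAccessControlCreateWithFlags(
        nil,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        [.privateKeyUsage, .biometryCurrentSet],
        &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return acl
}

/// To get a prompt *before* creating the key, ask LocalAuthentication directly;
/// SecAccessControl will not do it for you.
func createKeyAfterBiometricPrompt(reason: String) async throws -> SecureEnclave.P256.Signing.PrivateKey {
    let context = LAContext()
    var laError: NSError?
    guard context.canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &laError) else {
        throw laError ?? LAError(.biometryNotAvailable)
    }
    // Throws if the user cancels or fails authentication.
    _ = try await context.evaluatePolicy(.deviceOwnerAuthenticationWithBiometrics,
                                         localizedReason: reason)
    return try SecureEnclave.P256.Signing.PrivateKey(
        accessControl: makeBiometricAccessControl(),
        authenticationContext: context)
}

/// The operation SecAccessControl actually protects: signing. With a fresh
/// LAContext the system prompts for biometrics on the signature call; passing an
/// already-evaluated context may let it reuse that authentication instead (assumption).
func signWithPrompt(stored: Data, message: Data) throws -> P256.Signing.ECDSASignature {
    let key = try SecureEnclave.P256.Signing.PrivateKey(
        dataRepresentation: stored,
        authenticationContext: LAContext())  // recreation itself: no prompt
    return try key.signature(for: message)    // the gated operation: prompt appears here
}
```

Verify on a device rather than the simulator, which has no real biometric enrolment to gate the operation.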
