I was wondering if there is a way to determine the curve of an ECC key when, or after, it is stored in the Keychain.
As these keys have the same size (256 bits), it's very confusing. I would be able to differentiate between P256, P384 and P521 using the key size, but is there a way to tell the difference between the Curve25519 and P256 variant, or maybe an attribute providing the used curve when stored in the Keychain?
```swift
import CryptoKit

// Both raw representations are 32 bytes, so the size alone does not say which curve a key is on.
let ed25519 = Curve25519.Signing.PrivateKey().rawRepresentation
let p256 = P256.Signing.PrivateKey().rawRepresentation
```
Quoting from Storing CryptoKit Keys in the Keychain here:

    Some of these key types, like P256.Signing.PrivateKey, correspond to items that the Keychain Services API stores natively as SecKey instances. Other key types, like Curve25519.Signing.PrivateKey, have no direct keychain corollary. To store these kinds of keys, you package them as generic passwords.

If you get a SecKey value (kSecClass is kSecClassKey) then it’s a P256 [1]. OTOH, a Curve25519 ends up being stored as a generic password (kSecClass is kSecClassGenericPassword). If you need to further distinguish within that group, you can store a marker in the kSecAttrGeneric attribute.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@apple.com"

[1] Assuming that it’s an EC key (kSecAttrKeyType is kSecAttrKeyTypeECSECPrimeRandom) with a key size of 256 (kSecAttrKeySizeInBits).
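The lookup the answer describes, written out as an added example (this is not code from the thread or from Apple's article). It assumes conventions the page does not spell out: a P256 key is stored as a kSecClassKey item found by kSecAttrApplicationLabel, a Curve25519 key as a kSecClassGenericPassword item found by kSecAttrAccount, and the generic password carries a constructed marker in kSecAttrGeneric so it can be told apart from other generic passwords. The names StoredCurve, storeP256, storeCurve25519 and storedCurve(forLabel:) are illustrative.

```swift
import Foundation
import CryptoKit
import Security

// Added example; the storage conventions below are assumptions, not part of the original post.

enum KeychainError: Error { case status(OSStatus), unsupported }

enum StoredCurve: Equatable { case p256, p384, p521, curve25519 }

/// Constructed marker written to kSecAttrGeneric for Curve25519 signing keys.
let curve25519SigningMarker = Data("curve25519-signing".utf8)

/// Store a P256 signing key natively as a SecKey item (kSecClassKey).
func storeP256(_ key: P256.Signing.PrivateKey, label: String) throws {
    let keyAttrs = [kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
                    kSecAttrKeyClass as String: kSecAttrKeyClassPrivate] as [String: Any]
    var cfError: Unmanaged<CFError>?
    // x963Representation is what SecKey expects for an EC private key.
    guard let secKey = SecKeyCreateWithData(key.x963Representation as CFData,
                                            keyAttrs as CFDictionary, &cfError) else {
        throw cfError!.takeRetainedValue() as Error
    }
    let query = [kSecClass as String: kSecClassKey,
                 kSecAttrApplicationLabel as String: Data(label.utf8),
                 kSecUseDataProtectionKeychain as String: true,
                 kSecValueRef as String: secKey] as [String: Any]
    let status = SecItemAdd(query as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

/// Store a Curve25519 signing key as a generic password, tagged via kSecAttrGeneric.
func storeCurve25519(_ key: Curve25519.Signing.PrivateKey, account: String) throws {
    let query = [kSecClass as String: kSecClassGenericPassword,
                 kSecAttrAccount as String: account,
                 kSecAttrGeneric as String: curve25519SigningMarker,
                 kSecUseDataProtectionKeychain as String: true,
                 kSecValueData as String: key.rawRepresentation] as [String: Any]
    let status = SecItemAdd(query as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

/// Work out which curve a stored key uses from its keychain class and attributes.
/// Returns nil when nothing is stored under the label.
func storedCurve(forLabel label: String) throws -> StoredCurve? {
    // 1. A native key item can only be one of the NIST curves; kSecAttrKeyType and
    //    kSecAttrKeySizeInBits tell them apart (the footnote's two assumptions).
    let keyQuery = [kSecClass as String: kSecClassKey,
                    kSecAttrApplicationLabel as String: Data(label.utf8),
                    kSecUseDataProtectionKeychain as String: true,
                    kSecReturnAttributes as String: true] as [String: Any]
    var result: CFTypeRef?
    var status = SecItemCopyMatching(keyQuery as CFDictionary, &result)
    if status == errSecSuccess, let attrs = result as? [String: Any] {
        // kSecAttrKeyType is returned as a string on macOS and as a number on iOS;
        // rendering both as text lets one comparison cover both platforms.
        let keyType = attrs[kSecAttrKeyType as String].map { "\($0)" }
        guard keyType == (kSecAttrKeyTypeECSECPrimeRandom as String) else {
            throw KeychainError.unsupported   // RSA or some other key type
        }
        switch attrs[kSecAttrKeySizeInBits as String] as? Int {
        case 256: return .p256
        case 384: return .p384
        case 521: return .p521
        default: throw KeychainError.unsupported
        }
    } else if status != errSecItemNotFound {
        throw KeychainError.status(status)
    }
    // 2. Otherwise look for a generic password and read the marker back.
    let pwQuery = [kSecClass as String: kSecClassGenericPassword,
                   kSecAttrAccount as String: label,
                   kSecUseDataProtectionKeychain as String: true,
                   kSecReturnAttributes as String: true] as [String: Any]
    status = SecItemCopyMatching(pwQuery as CFDictionary, &result)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess, let attrs = result as? [String: Any] else {
        throw KeychainError.status(status)
    }
    guard attrs[kSecAttrGeneric as String] as? Data == curve25519SigningMarker else {
        throw KeychainError.unsupported   // a generic password that is not one of our keys
    }
    return .curve25519
}
```

After storeP256 and storeCurve25519 have run, storedCurve(forLabel:) reports .p256 for the SecKey item and .curve25519 for the generic password. The size switch is there because the answer's "it's a P256" only holds under the footnote's assumptions; a kSecClassKey item with a 384- or 521-bit EC key is still a SecKey, just on a different curve, and anything that is neither a SECPrimeRandom key nor a tagged generic password is reported as unsupported rather than guessed at.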