Hi,
mainly for iOS, is it possible to call SecKeyCreateRandomKey with parameters so that using that private key will
- prompt the user for Touch ID
- disallow changing Touch ID sets
- fall back to application password (NOT device code)
- keep the private key inside the enclave
Basically just like
    SecAccessControlCreateWithFlags(kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        kSecAccessControlTouchIDCurrentSet | kSecAccessControlPrivateKeyUsage | kSecAccessControlApplicationPassword,
        &error);
but not in the way that it first asks for touch and then asks for the password regardless of touch being successful.
Cheers,
Andreas Pardeike