Dear Apple Support,
I hope this message finds you well.
I am writing to inquire about the storage capacity and key generation limitations of the Secure Enclave on iOS devices. My specific questions are as follows:
-
Does the Secure Enclave utilize its own independent memory for storing keys and other sensitive data?
-
Is this storage area shared among all apps on the device?
-
If the storage is indeed shared among all apps, is it possible that my app could fail to generate and store even a single key due to a lack of available memory in the Secure Enclave?
Understanding these details is crucial for the secure development of our application. We need to ensure that we can reliably generate and store keys within the Secure Enclave without encountering unexpected limitations.
Thank you for your assistance and I look forward to your response.
Best regards,
The SE has many different features and so it’s best to focus on APIs rather than the underlying implementation. For example, the SecItem API lets you manage keys that are protected by the SE. However, the bytes of such a key are not stored on the SE. Rather, they are stored in the keychain, which is a database managed by the AP. Thus, there is no SE-imposed limit to the number of such keys you can create.
If you have questions about the best practice for using a specific API, please post the details and I’d be happy to answer those. However, if you’re simply curious as to how this stuff is implemented, that’s not something I can help you with [1].
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
[1] Although, as CMDdev mentioned, the Apple Platform Security Guide is full of useful titbits.