I'm trying to generate an RSA public/private key pair (kSecAttrKeyTypeRSA) whose private key is protected by a SecAccessControl policy.
The code below works as expected when the access-control flags contain only "kSecAccessControlTouchIDCurrentSet": both keys are generated, and when I later fetch the private key with "SecItemCopyMatching" I get the Touch ID / Face ID prompt before the key is returned.
But as soon as I set "kSecAccessControlPrivateKeyUsage", either alone or as "kSecAccessControlTouchIDCurrentSet | kSecAccessControlPrivateKeyUsage", SecKeyGeneratePair fails with "-25293" (errSecAuthFailed in SecBase.h).
I am not using the Secure Enclave (kSecAttrTokenIDSecureEnclave) because I need RSA keys, and the Secure Enclave only generates 256-bit elliptic-curve keys.
Can you please explain what "kSecAccessControlPrivateKeyUsage" actually does when building an access-control policy, and when it should be used?
Does it not work for RSA keys ?
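// Build the access-control policy for the private key.
//  - kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly: the item is not included in backups,
//    never migrates to another device, and is deleted if the user removes the passcode.
//  - kSecAccessControlTouchIDCurrentSet (renamed kSecAccessControlBiometryCurrentSet in
//    iOS 11.3): every use requires biometry, and the item is invalidated if the enrolled
//    fingerprints/face change, so a newly enrolled biometric cannot unlock an existing key.
//
// NOTE(review): kSecAccessControlPrivateKeyUsage is intentionally NOT included. Apple documents
// it as mandatory for keys generated inside the Secure Enclave (kSecAttrTokenIDSecureEnclave),
// which only produces 256-bit EC keys. This is a software RSA key, and the original code, which
// OR'd the flag in, reported SecKeyGeneratePair failing with -25293 (errSecAuthFailed).
CFErrorRef err = NULL;
SecAccessControlRef sacRef = SecAccessControlCreateWithFlags(kCFAllocatorDefault,
                                                             kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
                                                             kSecAccessControlTouchIDCurrentSet,
                                                             &err);
// A NULL policy must not fall through to key generation: inserting nil into the attribute
// dictionary throws, and silently continuing would mint a key with no user-presence gate.
if (sacRef == NULL) {
    NSError *policyError = CFBridgingRelease(err);   // takes ownership of err; nil if err is NULL
    NSLog(@"SecAccessControlCreateWithFlags failed: %@", policyError);
    return;   // adjust if the enclosing method does not return void
}

NSMutableDictionary *privateKeyAttr = [NSMutableDictionary dictionary];
NSMutableDictionary *publicKeyAttr = [NSMutableDictionary dictionary];
NSMutableDictionary *keyPairAttr = [NSMutableDictionary dictionary];

// Top-level attributes shared by both halves of the pair.
keyPairAttr[(__bridge id)kSecAttrKeyType] = (__bridge id)kSecAttrKeyTypeRSA;
keyPairAttr[(__bridge id)kSecAttrKeySizeInBits] = @2048;   // do not go below 2048 for RSA
// NOTE(review): the protection class is already carried by sacRef, so this top-level attribute
// is redundant. It is kept because the original set it; verify on the target OS that supplying
// both kSecAttrAccessible and kSecAttrAccessControl is accepted, otherwise drop this line.
keyPairAttr[(__bridge id)kSecAttrAccessible] = (__bridge id)kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly;

// Private half: persisted in the keychain, tagged for later lookup, and gated by sacRef.
privateKeyAttr[(__bridge id)kSecAttrIsPermanent] = @YES;
privateKeyAttr[(__bridge id)kSecAttrApplicationTag] = privateTag;
// __bridge_transfer hands the +1 CF reference to ARC, so sacRef is released with the dictionary.
privateKeyAttr[(__bridge id)kSecAttrAccessControl] = (__bridge_transfer id)sacRef;

// Public half: persisted and tagged; no access control, since the public key is not secret.
publicKeyAttr[(__bridge id)kSecAttrIsPermanent] = @YES;
publicKeyAttr[(__bridge id)kSecAttrApplicationTag] = publicTag;

// Attach the per-key dictionaries to the top-level dictionary passed to SecKeyGeneratePair.
keyPairAttr[(__bridge id)kSecPrivateKeyAttrs] = privateKeyAttr;
keyPairAttr[(__bridge id)kSecPublicKeyAttrs] = publicKeyAttr;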
dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
OSStatus sanityCheck = noErr;
SecKeyRef publicKey = NULL;
SecKeyRef privateKey = NULL;
sanityCheck = SecKeyGeneratePair((__bridge CFDictionaryRef)keyPairAttr, &publicKey, &privateKey);