3 Replies
      Latest reply on Aug 12, 2019 11:14 PM by aravind_v
      aravind_v Level 1 (0 points)

        Hi,

         

        Our application predominantly uses the keychain and the secure enclave to generate asymmetric keys and decrypt using the secure enclave.

         

        When testing our application against iOS 13 beta for any compatibility issues, we encountered a problem while decrypting using the Secure Enclave.

         

        We use the SecAccessControlCreateFlags.biometryAny constraint to restrict access to the private key to a valid biometric registered on the device, and this is what is actually causing the problem. When SecAccessControlCreateFlags.biometryAny is not set, the decryption succeeds.

         

        Below is the error that is thrown:

         

        Error Domain=CryptoTokenKit Code=-3 "setoken: unable to compute shared secret" UserInfo={NSLocalizedDescription=setoken: unable to compute shared secret}

         

        keyType: kSecAttrKeyTypeECSECPrimeRandom

        accessibilityProtection: kSecAttrAccessibleWhenUnlockedThisDeviceOnly

        accessControlFlags: SecAccessControlCreateFlags.biometryAny.rawValue

        Decryption Algorithm: eciesEncryptionCofactorX963SHA256AESGCM

         

        This whole feature works perfectly on all other versions of iOS below 13.0.

         

        Please let us know if this is a known issue, or if you have any suggestions to overcome this.

         

        Thanks,

        Aravind Vaidhyanathan
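
A minimal reproduction harness for the configuration listed in the post above, added here as an example; it is not the poster's code. The helper names (`makeEnclaveKey`, `roundTrip`, `ReproError`), the 256-bit key size, the non-permanent key and the `.privateKeyUsage` flag are assumptions; the key type, accessibility class, `.biometryAny` flag and ECIES algorithm are the ones the post names. It has to run on a device with a Secure Enclave.

```swift
import Foundation
import Security

struct ReproError: Error {}  // hypothetical error type for this example

// Creates a Secure Enclave EC key using the attributes listed in the post.
func makeEnclaveKey(requireBiometry: Bool) throws -> SecKey {
    var error: Unmanaged<CFError>?
    // Assumption: .privateKeyUsage is set; the post lists only .biometryAny.
    var flags: SecAccessControlCreateFlags = [.privateKeyUsage]
    if requireBiometry { flags.insert(.biometryAny) }
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        flags,
        &error) else { throw error!.takeRetainedValue() as Error }

    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            // Assumption: ephemeral key, so the test leaves nothing in the keychain.
            kSecAttrIsPermanent as String: false,
            kSecAttrAccessControl as String: access
        ]
    ]
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}

// Encrypts to the public key, then decrypts inside the Secure Enclave.
// Any failure is thrown as the underlying CFError so domain and code are visible.
func roundTrip(with privateKey: SecKey, message: Data) throws -> Data {
    let algorithm = SecKeyAlgorithm.eciesEncryptionCofactorX963SHA256AESGCM
    var error: Unmanaged<CFError>?
    guard let publicKey = SecKeyCopyPublicKey(privateKey),
          SecKeyIsAlgorithmSupported(publicKey, .encrypt, algorithm) else { throw ReproError() }
    guard let cipher = SecKeyCreateEncryptedData(publicKey, algorithm, message as CFData, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    guard let plain = SecKeyCreateDecryptedData(privateKey, algorithm, cipher, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return plain as Data
}
```

Calling `roundTrip` once with a key from `makeEnclaveKey(requireBiometry: true)` and once with `requireBiometry: false`, on the same device and OS build, isolates whether the access-control flag alone changes the outcome.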