SecKeyCreateDecryptedData fails with "Erro... |Apple Developer Forums

122 Views 3 Replies

Latest reply on Aug 12, 2019 11:14 PM by aravind_v

Level 1 (0 points)

aravind_v Aug 7, 2019 8:50 AM

Hi,

Our application predominantly uses the keychain and the secure enclave to generate asymmetric keys and decrypt using the secure enclave.

When testing our application against iOS 13 beta for any compatibilty issues, we encounted a problem while decrypting using the Secure Enclave.

We use SecAccessControlCreateFlags.biometryAny constraint to restrict accessing the private key only with a valid biometric registered on the device, and, this is what is actually causing the problem. When SecAccessControlCreateFlags.biometryAny is not set, the decryption succeeds.

Below is the error that is thrown:

Error Domain=CryptoTokenKit Code=-3 "setoken: unable to compute shared secret" UserInfo={NSLocalizedDescription=setoken: unable to compute shared secret}

keyType: kSecAttrKeyTypeECSECPrimeRandom

accessibilityProtection: kSecAttrAccessibleWhenUnlockedThisDeviceOnly

accessControlFlags: SecAccessControlCreateFlags.biometryAny.rawValue

Decryption Algorithm: eciesEncryptionCofactorX963SHA256AESGCM

This whole feature works perfectly on all other versions of iOS below 13.0.

Please let us know if this is a known issue, or, if you have any suggestions to overcome this.

Thanks,

Aravind Vaidhyanathan

Re: SecKeyCreateDecryptedData fails with "Error Domain=CryptoTokenKit Code=-3 "setoken: unable to compute shared secret" UserInfo={NSLocalizedDescription=setoken: unable to compute shared secret"

Apple Staff (11,625 points)
eskimo Aug 8, 2019 1:53 AM (in response to aravind_v)

This whole feature works perfectly on all other versions of iOS below 13.0.
My general advice in situations like this, where you have existing code that’s failing on a pre-release system, is to file a bug. It’s possible that you’re doing something wrong that just happened to work on previous systems, but it’s just as likely that this is a bug in the system itself.
Please post your bug number, just for the record.
Share and Enjoy
—
Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware
let myEmail = "eskimo" + "1" + "@apple.com"
This helped me (0)

Actions
- Re: SecKeyCreateDecryptedData fails with "Error Domain=CryptoTokenKit Code=-3 "setoken: unable to compute shared secret" UserInfo={NSLocalizedDescription=setoken: unable to compute shared secret"
  
  Level 1 (0 points)
  aravind_v Aug 12, 2019 12:36 AM (in response to eskimo)
  
  Thanks, Quinn.
  
  I have filed a bug:
  https://feedbackassistant.apple.com/feedback/7002453
  
  Thanks,
  Aravind Vaidhyanathan
  
  This helped me (0)
  
  Actions
Re: SecKeyCreateDecryptedData fails with "Error Domain=CryptoTokenKit Code=-3 "setoken: unable to compute shared secret" UserInfo={NSLocalizedDescription=setoken: unable to compute shared secret"

Level 1 (0 points)
aravind_v Aug 12, 2019 11:14 PM (in response to aravind_v)

The issue seems to have been fixed in the latest beta 13.0(17a5556d).

Thanks,
Aravind Vaidhyanathan
This helped me (0)

Actions

Go to original post

Search Communities

SecKeyCreateDecryptedData fails with "Error Domain=CryptoTokenKit Code=-3 "setoken: unable to compute shared secret" UserInfo={NSLocalizedDescription=setoken: unable to compute shared secret"

Re: SecKeyCreateDecryptedData fails with "Error Domain=CryptoTokenKit Code=-3 "setoken: unable to compute shared secret" UserInfo={NSLocalizedDescription=setoken: unable to compute shared secret"

Re: SecKeyCreateDecryptedData fails with "Error Domain=CryptoTokenKit Code=-3 "setoken: unable to compute shared secret" UserInfo={NSLocalizedDescription=setoken: unable to compute shared secret"

Re: SecKeyCreateDecryptedData fails with "Error Domain=CryptoTokenKit Code=-3 "setoken: unable to compute shared secret" UserInfo={NSLocalizedDescription=setoken: unable to compute shared secret"

More Like This