Secure Enclave when are keys deleted

Hello,


I am using the secure enclave to generate an EC keypair. Now my question is, when are the keys deleted? Because when I uninstall my application and install it again, the key is still available. I can't find anything in the documentation that would explain how it should behave.

Can I count on it, that once I have created a key-pair, that it will always be available?

Wouldn't that mean that the secure enclave will somehow have lots of keys that are probably not used anymore (e.g. from apps that have been uninstalled a long time ago)?

Replies

Because when I uninstall my application and install it again, the key is still available.

Indeed. And this is a surprisingly complex question. I discussed it in some detail in this post.

One other thing to watch out for is that keychain items do not always survive backup and restore (see this post). Given that, you need to make sure that your code handles keychain items ‘disappearing’.

Wouldn't that mean that the secure enclave will somehow have lots of keys that are probably not used anymore

Quite possibly. Fortunately, these items aren’t actually stored on the SE. Rather, they are stored on the device itself, but in a way that the item is only available to the SE. And the device has tonnes of space (-:

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"

Okay, understood. Thank you for your help.


Another thing that I recognized.

If I call the function SecKeyGeneratePair(<keyparameters>) with the same key parameters twice, it succeeds and I get two different key pairs.

So far so good. Let's call them keyPair_A and keyPair_B.
Now, to retrieve a key pair from the secure enclave, I use the function SecItemCopyMatching(<keyparameters>) and I get the key (key reference) that matches the <keyparameters>. In my case I only get keyPair_A. I am not able to retrieve keyPair_B.


So what makes me wonder here is, why does the second call of SecKeyGeneratePair(...) not return an error like "key pair already exists"?
That would make sense to me. Or, if it does not return an error, it could instead overwrite keyPair_A with keyPair_B.

I know you are probably not the one who makes the design decisions here, but perhaps you have some more information for me :-)

Each keychain item class has a set of attributes that contribute to uniqueness within that table in the keychain database. Those attributes are documented on the errSecDuplicateItem page. This list includes kSecAttrApplicationLabel which, for asymmetric keys, stores the public key hash (see this post). Thus, each key you generate has an attribute that’s always unique, so you never get collisions.

Share and Enjoy

Quinn “The Eskimo!”
Apple Developer Relations, Developer Technical Support, Core OS/Hardware

let myEmail = "eskimo" + "1" + "@apple.com"
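The two replies above make three practical points: a Secure Enclave key has to be looked up rather than assumed to exist (it can vanish after restore), every generated key is distinct because the system fills kSecAttrApplicationLabel with the public key hash, and a query that matches several keys returns only one of them unless you ask for all matches. The Swift below is an added example written for this thread, not code posted by the original poster or by Apple DTS. It uses SecKeyCreateRandomKey, the current replacement for the SecKeyGeneratePair call discussed above, and the tag string `com.example.demo.sekey` is a made-up value for the example.

```swift
import Foundation
import Security

// Constructed tag for this example; pick your own reverse-DNS style tag.
let demoKeyTag = "com.example.demo.sekey".data(using: .utf8)!

enum SEKeyError: Error {
    case osStatus(OSStatus)
    case cf(CFError?)
}

/// Generate a permanent P-256 key whose private half never leaves the Secure Enclave.
/// The system stores the public key hash in kSecAttrApplicationLabel, which is the
/// attribute that keeps every generated key unique even when all other attributes repeat.
func makeSecureEnclaveKey(tag: Data) throws -> SecKey {
    var acError: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .privateKeyUsage,
        &acError) else {
        throw SEKeyError.cf(acError?.takeRetainedValue())
    }
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag,
            kSecAttrAccessControl as String: access,
        ],
    ]
    var genError: Unmanaged<CFError>?
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &genError) else {
        throw SEKeyError.cf(genError?.takeRetainedValue())
    }
    return key
}

/// List the application labels (public key hashes) of every key under our tag.
/// kSecMatchLimitAll is what makes the second, third, ... key visible; the default
/// limit of one is why the thread's keyPair_B never showed up.
func applicationLabels(forTag tag: Data) throws -> [Data] {
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrApplicationTag as String: tag,
        kSecReturnAttributes as String: true,
        kSecMatchLimit as String: kSecMatchLimitAll,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return [] }
    guard status == errSecSuccess, let items = result as? [[String: Any]] else {
        throw SEKeyError.osStatus(status)
    }
    return items.compactMap { $0[kSecAttrApplicationLabel as String] as? Data }
}

/// Fetch exactly one key by its public key hash. A nil result is the normal
/// 'item disappeared' case (fresh install, restore to a new device, ...), so the
/// caller should regenerate and re-enrol rather than treat it as a fatal error.
func loadKey(applicationLabel: Data) throws -> SecKey? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrApplicationLabel as String: applicationLabel,
        kSecReturnRef as String: true,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw SEKeyError.osStatus(status) }
    return (result as! SecKey)
}

/// Remove every key under our tag so old, unused keys do not pile up on the device.
func deleteKeys(forTag tag: Data) throws {
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrApplicationTag as String: tag,
    ]
    let status = SecItemDelete(query as CFDictionary)
    guard status == errSecSuccess || status == errSecItemNotFound else {
        throw SEKeyError.osStatus(status)
    }
}

// Typical flow: reuse a stored key if its hash is still present, otherwise make a new one.
func loadOrCreateKey(tag: Data, rememberedLabel: Data?) throws -> SecKey {
    if let label = rememberedLabel, let key = try loadKey(applicationLabel: label) {
        return key
    }
    return try makeSecureEnclaveKey(tag: tag)
}
```

Persist the application label you get back from `applicationLabels(forTag:)` alongside whatever server-side enrolment you do for the public key; querying by that label is the only way to get a specific key back once more than one exists under the same tag. Deleting by tag during sign-out or key rotation is how an app avoids leaving orphaned keys behind, since uninstalling the app does not do it for you.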