I'm developing an iOS framework in Objective-C that needs to generate an Elliptic Curve key pair in software, in order to retrieve the private key, encrypt it and store it. This private key is used later to sign (with the SecKeyRawSign method), and the signature is sent back to the server, where it will be checked with the public key.
To generate the keys I'm using the Keychain (not the Secure Enclave); this way I'm able to retrieve both keys as CFDataRef.
Now I need to encrypt the private key, and I can't just encrypt the entire byte array; otherwise, when I try to decrypt it with a wrong password, I will not be able to reconstruct the key, and the sign method will fail, exposing me to offline attacks. What I'm saying is that, when I decrypt the key, I would like to receive a well-formed key, but obviously not the correct one, so I can generate a signature and delegate to the server the verification and how to handle the error.
So, how can I encrypt this byte array of the PrivateKey?
Everything is already implemented, including the encryption and decryption methods. I just need to extract "a part" of the private key and encrypt only that, but how can I do this?
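
One way to get the property asked for above, as an added example that is not part of the original post: encrypt only the private scalar with a password-derived mask added modulo n-1, so every password decrypts to some valid scalar in [1, n-1]. It is written in Python to keep the arithmetic readable. Assumptions: curve P-256, an exported key laid out as 0x04 || X || Y || K, PBKDF2-HMAC-SHA256 as the KDF, and hypothetical function names.

```python
import hashlib

# Order n of the NIST P-256 group (assumed curve; the post does not name one).
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
SCALAR_LEN = 32


def extract_scalar(x963_private: bytes) -> bytes:
    """Return K from an exported key, assumed layout 0x04 || X || Y || K."""
    if len(x963_private) != 1 + 3 * SCALAR_LEN or x963_private[0] != 0x04:
        raise ValueError("not an uncompressed P-256 private key blob")
    return x963_private[-SCALAR_LEN:]


def _mask(password: str, salt: bytes, iterations: int) -> int:
    # 48 bytes (128 bits more than n) keep the bias of the reduction negligible.
    raw = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                              iterations, dklen=48)
    return int.from_bytes(raw, "big") % (P256_N - 1)


def _to_int(data: bytes) -> int:
    value = int.from_bytes(data, "big")
    if len(data) != SCALAR_LEN or not 1 <= value < P256_N:
        raise ValueError("value is not a P-256 scalar")
    return value


def wrap_scalar(k: bytes, password: str, salt: bytes,
                iterations: int = 200_000) -> bytes:
    """Map k in [1, n-1] to a ciphertext that is also in [1, n-1]."""
    c = (_to_int(k) - 1 + _mask(password, salt, iterations)) % (P256_N - 1) + 1
    return c.to_bytes(SCALAR_LEN, "big")


def unwrap_scalar(c: bytes, password: str, salt: bytes,
                  iterations: int = 200_000) -> bytes:
    """Invert wrap_scalar. There is deliberately no MAC or padding check:
    a wrong password yields a different, still valid, scalar."""
    k = (_to_int(c) - 1 - _mask(password, salt, iterations)) % (P256_N - 1) + 1
    return k.to_bytes(SCALAR_LEN, "big")
```

Only the wrapped scalar and the salt are stored: keeping the public point (the X || Y part of the blob) beside them would let each password guess be checked offline by recomputing the public key.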