You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Mar 28, 2023. It is now read-only.
create a keypair where as the private key is stored in the secure enclave
sign a string / some data with the private key
use the security functions like SecKeyRawVerify, SecKeyGeneratePair and SecItemCopyMatching in Swift 3 and Objective-C
store the public key in the keychain
Apple quietly released a new API in iOS 9 (kSecAttrTokenIDSecureEnclave) that allowed developers to create and use keys stored directly in the Secure Enclave (see "Security and Your Apps" starting from slide 195). This feature opens enormous possibilities for security by enabling applications to use private keys that are safely stored outside of iOS and away from any potential malware.
We tried to use this API shortly after it was released and found it lacking: the required attribute was entirely undocumented, the key format is not compatible with OpenSSL, and Apple didn't even say what cipher suite was used (it's secp256r1). The code in this repository is an attempt to fix these issues by providing an easy-to-use wrapper around the Secure Enclave Crypto API.
Show me the code
This project thus contains two codebases, one in Swift (from @hfossli) and one in Objective-C which show how to use this API for basic functionality. Both directories contain a README.md file with more specific documentation.
Creating OpenSSL-compatible public key
The public key returned from the Secure Enclave can be fed to key_builder.rb to create an OpenSSL-compatible representation of the ECC public key. The key_builder.rb script takes one parameter: the public key as hex / base 16.
