EllipticCurveKeyPair
EllipticCurveKeyPair copied to clipboard
"Could not generate keypair." when running on simulator
Hi! :)
thanks for developing and maintaining this library - this is great!
I just added some code to generate a keypair and sign a digest with it. While this works perfectly on my device (using secure enclave), I have some trouble getting it to run on simulator (using the keychain).
I get this error:
underlying(message: "Could not generate keypair.", error: Error Domain=NSOSStatusErrorDomain Code=-25293 "Could not generate keypair." UserInfo={NSLocalizedRecoverySuggestion=See https://www.osstatus.com/search/results?platform=all&framework=all&search=-25293, NSLocalizedDescription=Could not generate keypair.})
Here is my code:
struct KeyPair {
static let manager: EllipticCurveKeyPair.Manager = {
let publicAccessControl = EllipticCurveKeyPair.AccessControl(protection: kSecAttrAccessibleAlwaysThisDeviceOnly, flags: [])
let privateAccessControl = EllipticCurveKeyPair.AccessControl(protection: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, flags: [.userPresence, .privateKeyUsage])
let config = EllipticCurveKeyPair.Config(
publicLabel: "n.sign.public",
privateLabel: "n.sign.private",
operationPrompt: "N SecureElement",
publicKeyAccessControl: publicAccessControl,
privateKeyAccessControl: privateAccessControl,
publicKeyAccessGroup: nil,
privateKeyAccessGroup: nil,
fallbackToKeychainIfSecureEnclaveIsNotAvailable: true
)
return EllipticCurveKeyPair.Manager(config: config)
}()
}
and
do {
let digest = "some_digest".data(using: .utf8)!
signature = try KeyPair.manager.sign(digest)
} catch {
...
}
Any ideas what I am doing wrong? Thank you.
Hey. Thanks for the kind words. ❤️
Can you try latest code from master? Seems like you are using release. Which simulator are you using?
I’m guessing you are using iOS 9 or something? I think your issue has been corrected in master. Sorry about the breaking api changes.
@hfossli thank you very much for the fast response.
You were right, I was using release. I just updated to master and did the corresponding api-changes.
Testing on device (secure enclave) is still successful. Testing on simulator (keychain) still responds with an error, but now it is another one:
underlying(message: "Could not generate keypair.", error: Error Domain=NSOSStatusErrorDomain Code=-26276 "Could not generate keypair." UserInfo={NSLocalizedRecoverySuggestion=See https://www.osstatus.com/search/results?platform=all&framework=all&search=-26276, NSLocalizedDescription=Could not generate keypair.})
OSStatus.com sais: An internal error occured in the Security framework.
I tried different iPhone simulators featuring iOS 11.2.
Are you on main thread/queue? Try to be on another queue. Can you paste the code?
Also, make sure you delete and recreate the keys.
And try with these access flags
let publicAccessControl = EllipticCurveKeyPair.AccessControl(protection: kSecAttrAccessibleAlwaysThisDeviceOnly, flags: [])
let privateAccessControl = EllipticCurveKeyPair.AccessControl(protection: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, flags: {
return EllipticCurveKeyPair.Device.hasSecureEnclave ? [.userPresence, .privateKeyUsage] : [.userPresence]
}())
The code I am using is:
struct KeyPair {
static let manager: EllipticCurveKeyPair.Manager = {
let publicAccessControl = EllipticCurveKeyPair.AccessControl(protection: kSecAttrAccessibleAlwaysThisDeviceOnly, flags: [])
let privateAccessControl = EllipticCurveKeyPair.AccessControl(protection: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, flags: {
return EllipticCurveKeyPair.Device.hasSecureEnclave ? [.userPresence, .privateKeyUsage] : [.userPresence]
}())
let config = EllipticCurveKeyPair.Config(
publicLabel: "n.sign.public",
privateLabel: "n.sign.private",
operationPrompt: "n Ident",
publicKeyAccessControl: publicAccessControl,
privateKeyAccessControl: privateAccessControl,
token: .secureEnclave)
return EllipticCurveKeyPair.Manager(config: config)
}()
}
No difference for me on different queues :(
How do I remove keys?
do {
try KeyPair.manager.deleteKeypair()
} catch {
...
}
Or just delete the app before you install
Thank you.
I am now deleting the keypair before creating a new one. On device everything works fine, on simulator still the -26276
-error.
I will try to recreate the bug on my end. I need xcode version, mac version, simulator version etc.
That would be great!
macOS High Sierra 10.13.3 XCode Version 9.2 iPhone simulators iOS 11.2 Deployment Target 10.0
do you need anything else?
Xcode build version and swift version would also be useful.
XCode Version 9.2 (9C40b) Swift 3.2
After studying your README again, I could resolve it:
I forgot to replace the token to token: .secureEnclaveIfAvailable
.
Thanks for your support!
Ah! That makes sense! Maybe a better error message could be nice in that case. Keeping it open until I fix that. Thanks!
why can I generate key pair from login screen?