EllipticCurveKeyPair
EllipticCurveKeyPair copied to clipboard
agens-no
Create access control with only [.privateKeyUsage]
Hi, thanks for providing this library. Makes my live less complicated :)
I have a follow up question on the matter of issue #15: I do as you suggest (using only .privateKeyUsage as flags, which results in that error: throw EllipticCurveKeyPair.Error.inconcistency(message: "Couldn't create access control flag. Keychain chokes if you try to create access control with only [.privateKeyUsage] on devices older than iOS 11 and macOS 10.13.x")
Is that meant to throw? I'm running this on iOS 12+ (getting it actually on iOS 14) and am wondering whether this should only throw for the iOS / macOS versions mentioned in the crash description.
Commenting those lines out that check if only .privateKeyUsage is set, everything works fine...
That's my code:
static let manager: EllipticCurveKeyPair.Manager = {
let publicAccessControl = EllipticCurveKeyPair.AccessControl(protection: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, flags: [])
let privateAccessControl = EllipticCurveKeyPair.AccessControl(protection: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, flags: {
return EllipticCurveKeyPair.Device.hasSecureEnclave ? [.privateKeyUsage] : []
}())
let config = EllipticCurveKeyPair.Config(
publicLabel: "public",
privateLabel: "private",
operationPrompt: "",
publicKeyAccessControl: publicAccessControl,
privateKeyAccessControl: privateAccessControl,
token: .secureEnclaveIfAvailable)
return EllipticCurveKeyPair.Manager(config: config)
}()
Originally posted by @b00tsy in https://github.com/agens-no/EllipticCurveKeyPair/issues/15#issuecomment-773923637
Not sure. I'll keep this in mind next time I make a change. Please fork in the meantime.
