@sheagcraig
Created May 3, 2020 12:23
```python
from Foundation import NSString, NSUTF8StringEncoding
from Security import *

# As per: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/storing_keys_in_the_secure_enclave?language=objc
# and: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/generating_new_cryptographic_keys?language=objc#2863927

# Access control: usable only while unlocked, on this device, for private-key operations.
access = SecAccessControlCreateWithFlags(
    kCFAllocatorDefault,
    kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    kSecAccessControlPrivateKeyUsage,
    None)
tag = NSString.dataUsingEncoding_("com.sheagcraig.keys.testkey", NSUTF8StringEncoding)

# Request a 256-bit EC key generated and held in the Secure Enclave.
attributes = {
    kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
    kSecAttrKeySizeInBits: 256,
    kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
    kSecPrivateKeyAttrs: {
        kSecAttrIsPermanent: True,
        kSecAttrApplicationTag: tag,
        kSecAttrAccessControl: access
    }
}
private_key, error = SecKeyCreateRandomKey(attributes, None)
# error = Error Domain=NSOSStatusErrorDomain Code=-50 "failed to generate asymmetric keypair" (paramErr: error in user parameter list) UserInfo={NSDescription=failed to generate asymmetric keypair}
# Could it truly be this: https://forums.developer.apple.com/thread/107586
# i.e. that none of the Pythons I'm trying has a `com.apple.application-identifier` entitlement?
# FWIW I tried without including an application tag as well.
```
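The closing comments ask whether the Python binaries in use carry a `com.apple.application-identifier` entitlement. One way to inspect what the running interpreter's code signature contains, as an added example that is not part of the original gist: the helper names and sample plists are constructed, and it assumes `codesign -d --entitlements :-` writes the XML entitlements to stdout.

```python
import os
import plistlib
import subprocess
import sys

# Entitlement key named in the gist's closing comment.
ENTITLEMENT = "com.apple.application-identifier"

# Constructed samples of what `codesign -d --entitlements :-` prints.
SAMPLE_WITH_ID = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.application-identifier</key>
<string>TEAMID0000.com.example.keytool</string>
</dict></plist>"""
SAMPLE_WITHOUT_ID = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>com.apple.security.cs.allow-jit</key><true/>
</dict></plist>"""


def parse_entitlements(plist_bytes):
    """Return the entitlements dict; {} when the binary carries none."""
    data = plist_bytes.strip()
    if not data:  # unsigned or entitlement-free binaries print nothing
        return {}
    parsed = plistlib.loads(data)
    return parsed if isinstance(parsed, dict) else {}


def missing_entitlements(entitlements, required=(ENTITLEMENT,)):
    """List the required keys absent from the parsed entitlements."""
    return [key for key in required if key not in entitlements]


def read_entitlements(binary_path):
    """macOS only: read entitlements from a binary's code signature."""
    result = subprocess.run(
        ["codesign", "-d", "--entitlements", ":-", binary_path],
        capture_output=True, check=False)
    return parse_entitlements(result.stdout)


if __name__ == "__main__":
    if sys.platform == "darwin":
        path = os.path.realpath(sys.executable)
        print(path, "missing:", missing_entitlements(read_entitlements(path)))
    else:  # off macOS, fall back to the constructed samples
        print("sample missing:",
              missing_entitlements(parse_entitlements(SAMPLE_WITHOUT_ID)))
```

Run it with each interpreter being tried; `sys.executable` is resolved through symlinks so the signature inspected belongs to the real binary.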