from Foundation import NSString, NSUTF8StringEncoding
from Security import *
# As per: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/storing_keys_in_the_secure_enclave?language=objc
# and: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/generating_new_cryptographic_keys?language=objc#2863927
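# Build the access-control object that gates use of the private key.
# The last argument of SecAccessControlCreateWithFlags is a CFErrorRef*
# out-parameter. PyObjC hands out-parameters back next to the result, so the
# call is unpacked the same way as SecKeyCreateRandomKey below.
# NOTE(review): confirm the (value, error) return shape against the installed
# PyObjC Security bindings. Without unpacking, a tuple rather than a
# SecAccessControlRef would be stored under kSecAttrAccessControl.
access, access_error = SecAccessControlCreateWithFlags(
    kCFAllocatorDefault,
    # Key is usable only while the device is unlocked and is never migrated
    # to another device.
    kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    # Allows the Secure Enclave to perform private-key operations. On its own
    # this flag does not ask for user authentication on each use; combine it
    # with kSecAccessControlUserPresence (or a biometry flag) if every
    # operation should require the user to be present.
    kSecAccessControlPrivateKeyUsage,
    None)
if access is None:
    # Fail here with the framework's own error instead of passing a missing
    # access-control object into the key attributes.
    raise RuntimeError(
        "SecAccessControlCreateWithFlags failed: {}".format(access_error))

# Application tag used to find the key again later; stored as UTF-8 NSData.
tag = NSString.dataUsingEncoding_("com.sheagcraig.keys.testkey", NSUTF8StringEncoding)

# 256-bit EC key generated inside the Secure Enclave. The private half is
# stored permanently and is bound to the access-control object above.
attributes = {
    kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
    kSecAttrKeySizeInBits: 256,
    kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
    kSecPrivateKeyAttrs: {
        kSecAttrIsPermanent: True,
        kSecAttrApplicationTag: tag,
        kSecAttrAccessControl: access,
    },
}

private_key, error = SecKeyCreateRandomKey(attributes, None)

# Result observed by the author when running the original script:
# error = Error Domain=NSOSStatusErrorDomain Code=-50 "failed to generate asymmetric keypair" (paramErr: error in user parameter list) UserInfo={NSDescription=failed to generate asymmetric keypair}
# Could it truly be this: https://forums.developer.apple.com/thread/107586
# i.e. that none of the Pythons I'm trying has a `com.apple.application-identifier` entitlement?
# FWIW I tried without including an application tag as well.
if private_key is None:
    # Never continue with a missing key reference; report why creation failed.
    raise RuntimeError("SecKeyCreateRandomKey failed: {}".format(error))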