from Foundation import NSString, NSUTF8StringEncoding
from Security import *
# As per: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/storing_keys_in_the_secure_enclave?language=objc
# and: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/generating_new_cryptographic_keys?language=objc#2863927
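# Build the access-control object that gates use of the private key.
# PyObjC hands back pass-by-reference out-parameters (here the trailing
# CFErrorRef*) together with the result -- the same convention the
# SecKeyCreateRandomKey call below relies on -- so the result is unpacked
# instead of being stored, and later passed on, as a (value, error) tuple.
# NOTE(review): confirm against the installed pyobjc-framework-Security that
# this call returns (access, error); a tuple stored under
# kSecAttrAccessControl would be one plausible source of a -50 (paramErr).
access, access_error = SecAccessControlCreateWithFlags(
    kCFAllocatorDefault,
    # Usable only while the device is unlocked; never migrates off-device.
    kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    # Required flag for private-key operations on a Secure Enclave key.
    kSecAccessControlPrivateKeyUsage,
    None)
if access is None:
    # Fail here rather than feeding an invalid object into key generation.
    raise RuntimeError(
        "SecAccessControlCreateWithFlags failed: %r" % (access_error,))

# Application tag used to find the key again later; the API wants NSData.
tag = NSString.dataUsingEncoding_("com.sheagcraig.keys.testkey", NSUTF8StringEncoding)

# Key-generation parameters. The Secure Enclave only holds 256-bit
# elliptic-curve keys, and the private half never leaves the enclave.
attributes = {
    kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
    kSecAttrKeySizeInBits: 256,
    kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
    kSecPrivateKeyAttrs: {
        # Persist a reference to the key in the keychain.
        kSecAttrIsPermanent: True,
        kSecAttrApplicationTag: tag,
        kSecAttrAccessControl: access,
    },
}

# Returns (key, error); the key is None when generation fails.
private_key, error = SecKeyCreateRandomKey(attributes, None)
if private_key is None:
    # Surface the CFError instead of continuing with a missing key.
    # NOTE(review): keychain-backed Secure Enclave keys generally need a
    # code-signed process with the right entitlements; a stock Python
    # interpreter may lack them -- verify on the target machine.
    raise RuntimeError("SecKeyCreateRandomKey failed: %r" % (error,))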
# error = Error Domain=NSOSStatusErrorDomain Code=-50 "failed to generate asymmetric keypair" (paramErr: error in user parameter list) UserInfo={NSDescription=failed to generate asymmetric keypair}
# Could it truly be this: https://forums.developer.apple.com/thread/107586
# i.e. that none of the Pythons I'm trying has a `com.apple.application-identifier` entitlement?
# FWIW I tried without including an application tag as well.