Comments (13)
Private keys cannot be migrated. Public keys can. In this case you need to recreate the key pair.
Also, you should configure the public key so that it cannot be migrated, using the flags.
from ellipticcurvekeypair.
What is the flag for public key to not migrate? Thank you
from ellipticcurvekeypair.
Sorry, I meant protection ID. You select one of the protection IDs that fits your needs from here
https://developer.apple.com/documentation/security/keychain_services/keychain_items/item_attribute_keys_and_values?language=objc#1679100
For example you can choose this one https://developer.apple.com/documentation/security/ksecattraccessibleafterfirstunlockthisdeviceonly?language=objc
Example with kSecAttrAccessibleAlwaysThisDeviceOnly
```swift
struct KeyPair {
    static let manager: EllipticCurveKeyPair.Manager = {
        let publicAccessControl = EllipticCurveKeyPair.AccessControl(protection: kSecAttrAccessibleAlwaysThisDeviceOnly, flags: [])
        let privateAccessControl = EllipticCurveKeyPair.AccessControl(protection: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, flags: [.userPresence, .privateKeyUsage])
        let config = EllipticCurveKeyPair.Config(
            publicLabel: "payment.sign.public",
            privateLabel: "payment.sign.private",
            operationPrompt: "Confirm payment",
            publicKeyAccessControl: publicAccessControl,
            privateKeyAccessControl: privateAccessControl,
            token: .secureEnclave)
        return EllipticCurveKeyPair.Manager(config: config)
    }()
}
```
from ellipticcurvekeypair.
My problem is in this method:
```swift
public func privateKey(context: LAContext? = nil) throws -> PrivateKey {
    do {
        if cachedPrivateKey?.context !== context {
            cachedPrivateKey = nil
        }
        if let key = cachedPrivateKey {
            return key
        }
        let key = try helper.getPrivateKey(context: context)
        cachedPrivateKey = key
        return key
    } catch EllipticCurveKeyPair.Error.underlying(_, let underlying) where underlying.code == errSecItemNotFound {
        if config.publicKeyAccessControl.flags.contains(.privateKeyUsage) == false, (try? helper.getPublicKey()) != nil {
            throw Error.probablyAuthenticationError(underlying: underlying)
        }
        let keys = try helper.generateKeyPair(context: nil)
        cachedPublicKey = keys.public
        cachedPrivateKey = keys.private
        return keys.private
    } catch {
        throw error
    }
}
```
Once I finish in the catch, the code throws "Error.probablyAuthenticationError(underlying: underlying)" and I cannot recover the situation.
Thanks for the tips until now
from ellipticcurvekeypair.
In the event of an iTunes backup, if you get this error
Found public key, but couldn't find or access private key. The errSecItemNotFound error is sometimes wrongfully reported when LAContext authentication fails
then you need to delete the key (pseudo code)
```swift
do {
    let privateKey = try manager.privateKey()
} catch {
    // The error enum case carries an associated value, so match it with a pattern instead of ==
    if case EllipticCurveKeyPair.Error.probablyAuthenticationError = error {
        try? manager.deleteKeyPair()
    }
    do {
        let privateKey = try manager.privateKey()
    } catch {
        // this should be handled or reported back to user
    }
}
```
What is your minimum deployment target? If it is iOS 10 you are lucky, then I have another solution for you.
from ellipticcurvekeypair.
yes, it is iOS 10.
from ellipticcurvekeypair.
Awesome. Then you may choose to not store the public key and instead just derive it from the private key when needed using SecKeyCopyPublicKey. Some modifications to the library are needed in order to get that to work. I want to create a pre-iOS-10 version and a post-iOS-10 version. Maybe I find time this week.
from ellipticcurvekeypair.
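The approach suggested in the comment above (derive the public key from the private key with SecKeyCopyPublicKey instead of storing it) can be sketched as follows. This is an added example, not code from the thread or from the library; the function name `derivedPublicKey` is hypothetical, and it assumes the private key was stored in the keychain with `kSecAttrLabel` set to the configured private label.

```swift
import Foundation
import Security

/// Hypothetical helper (not part of EllipticCurveKeyPair): looks up the private key
/// by label and derives its public key, so no separate public key item has to be
/// stored in the keychain and none can be migrated to another device.
/// Returns nil when no private key exists on this device, for example after a
/// restore, which is the signal to generate a fresh key pair.
func derivedPublicKey(privateLabel: String) throws -> SecKey? {
    // Assumption: the private key item carries this label.
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyClass as String: kSecAttrKeyClassPrivate,
        kSecAttrLabel as String: privateLabel,
        kSecReturnRef as String: true
    ]

    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)

    switch status {
    case errSecSuccess:
        // A reference to the key is returned; the key material stays in the Secure Enclave.
        let privateKey = item as! SecKey
        // SecKeyCopyPublicKey is available from iOS 10.
        return SecKeyCopyPublicKey(privateKey)
    case errSecItemNotFound:
        // No private key on this device: the caller must regenerate the whole pair.
        return nil
    default:
        throw NSError(domain: NSOSStatusErrorDomain, code: Int(status), userInfo: nil)
    }
}
```

With this lookup, a device whose Secure Enclave key did not survive a restore yields `nil` rather than a restored public key with no matching private key.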
In the meantime of your changes how can I fix it?
If I delete the keypair I do not have to regenerate the entire keypair?
In your example above only the private key is regenerated
from ellipticcurvekeypair.
You need to regenerate the entire keypair
from ellipticcurvekeypair.
I did it.
Thank you.
Wait for your modifications of library :)
from ellipticcurvekeypair.
I'm also facing the same issue after restoring the iOS device. Private key not found. Able to get a public key. Could you please share the code?
from ellipticcurvekeypair.
It is not possible to restore a private key stored in the secure enclave
from ellipticcurvekeypair.
Thank you.
After successful deletion of the keypair it works.
from ellipticcurvekeypair.