kSecAttrTokenIDSecureEnclave

kSecAttrTokenIDSecureEnclave

我正在努力尝试用kSecAttrTokenIDSecureEnclave生成私钥-公钥对,以便在安全区域中生成私钥。
kSecAttrTokenIDSecureEnclave在哪里记录?以下是我的代码,状态代码为-50失败。

- (void)generateKeyPair {
    const UInt8 publicTagString[] = "public";
    const UInt8 privateTagString[] = "private";

    publicTag = CFDataCreate(0, publicTagString, sizeof(publicTagString));
    privateTag = CFDataCreate(0, privateTagString, sizeof(privateTagString));

    CFMutableDictionaryRef publicAttr = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
    CFDictionaryAddValue(publicAttr, kSecAttrApplicationTag, publicTag);
    // CFDictionaryAddValue(publicAttr, kSecAttrIsPermanent, kCFBooleanTrue);
    CFDictionaryAddValue(publicAttr, kSecAttrCanEncrypt, kCFBooleanFalse);
    CFDictionaryAddValue(publicAttr, kSecAttrCanDecrypt, kCFBooleanFalse);
    CFDictionaryAddValue(publicAttr, kSecAttrCanDerive, kCFBooleanFalse);
    CFDictionaryAddValue(publicAttr, kSecAttrCanSign, kCFBooleanFalse);
    CFDictionaryAddValue(publicAttr, kSecAttrCanVerify, kCFBooleanTrue);
    CFDictionaryAddValue(publicAttr, kSecAttrCanUnwrap, kCFBooleanFalse);

    CFMutableDictionaryRef privateAttr = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, NULL, NULL);
    CFDictionaryAddValue(privateAttr, kSecAttrApplicationTag, privateTag);
    // CFDictionaryAddValue(privateAttr, kSecAttrIsPermanent, kCFBooleanTrue);
    CFDictionaryAddValue(privateAttr, kSecAttrCanEncrypt, kCFBooleanFalse);
    CFDictionaryAddValue(privateAttr, kSecAttrCanDecrypt, kCFBooleanFalse);
    CFDictionaryAddValue(privateAttr, kSecAttrCanDerive, kCFBooleanFalse);
    CFDictionaryAddValue(privateAttr, kSecAttrCanSign, kCFBooleanTrue);
    CFDictionaryAddValue(privateAttr, kSecAttrCanVerify, kCFBooleanFalse);
    CFDictionaryAddValue(privateAttr, kSecAttrCanUnwrap, kCFBooleanFalse);

    const void* parameterKeys[] = {
        kSecAttrKeyType,
        kSecAttrKeySizeInBits,
        kSecAttrTokenID,
        kSecPublicKeyAttrs,
        kSecPrivateKeyAttrs
    };

    int intKeySize = 512;
    CFNumberRef keySize = CFNumberCreate(kCFAllocatorDefault, kCFNumberIntType, &intKeySize);

    const void* parameterValues[] = {
        kSecAttrKeyTypeRSA,
        keySize,
        kSecAttrTokenIDSecureEnclave,
        publicAttr,
        privateAttr
    };

    CFDictionaryRef parameters = CFDictionaryCreate(
        kCFAllocatorDefault,
        parameterKeys,
        parameterValues,
        5, // ??? Make this programmatic
        NULL,
        NULL
    );

    OSStatus status = SecKeyGeneratePair(parameters, &publicKey, &privateKey);

    if(status != errSecSuccess) {
        [self logError:[NSString stringWithFormat:@"SecKeyGeneratePair status %d", (int)status] :nil];
        return;
    }
}

最佳答案

您收到的错误-50表示参数错误。您传递给函数的参数不正确或不适合该操作。如果查看SecItem header 或,您将看到:



在安全区域中生成私钥时,当前尚不支持RSA密码。切换到256位EC key 。

这在WWDC 2015 session 706 Security And Your Apps中进行了介绍。 Apple示例项目“KeychainTouchID”显示了使用安全区域生成和使用 key 的正确参数。

关于ios - kSecAttrTokenIDSecureEnclave记录在哪里?,我们在Stack Overflow上找到一个类似的问题:https://stackoverflow.com/questions/33650425/

10-10 17:30