Created
May 3, 2020 12:23
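"""Try to generate a permanent P-256 private key inside the Secure Enclave via PyObjC.

Reproduction script: builds an access-control object, a key attribute
dictionary, and calls SecKeyCreateRandomKey. Both Security-framework calls
are checked so a failure surfaces its error object instead of leaving a
silent ``None`` behind.
"""
from Foundation import NSString, NSUTF8StringEncoding
# NOTE(review): the wildcard import is kept so every kSec*/kCF* name used below
# stays in scope exactly as before; prefer an explicit name list once the set
# of required symbols has been confirmed against the installed PyObjC.
from Security import *

# As per: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/storing_keys_in_the_secure_enclave?language=objc
# and: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/generating_new_cryptographic_keys?language=objc#2863927

# Access policy for the private key: usable only while the device is unlocked,
# never migrated to another device, and restricted to private-key operations.
access_result = SecAccessControlCreateWithFlags(
    kCFAllocatorDefault,
    kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
    kSecAccessControlPrivateKeyUsage,
    None)

# SecKeyCreateRandomKey below is unpacked as (result, error); PyObjC appears to
# hand back pass-by-reference error arguments that way. If the same applies
# here, the original stored a (ref, error) tuple under kSecAttrAccessControl
# rather than the access-control object itself.
# NOTE(review): confirm against the installed PyObjC; both shapes are accepted.
if isinstance(access_result, tuple):
    access, access_error = access_result
else:
    access, access_error = access_result, None

if access is None:
    raise RuntimeError(
        "SecAccessControlCreateWithFlags failed: {}".format(access_error))

# Application tag used to look the key up again later, passed as NSData.
tag = NSString.dataUsingEncoding_("com.sheagcraig.keys.testkey", NSUTF8StringEncoding)

attributes = {
    kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
    kSecAttrKeySizeInBits: 256,
    # Ask for the key to be generated and held by the Secure Enclave.
    kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
    kSecPrivateKeyAttrs: {
        kSecAttrIsPermanent: True,
        kSecAttrApplicationTag: tag,
        kSecAttrAccessControl: access,
    },
}

private_key, error = SecKeyCreateRandomKey(attributes, None)

# Observed by the author:
# error = Error Domain=NSOSStatusErrorDomain Code=-50 "failed to generate asymmetric keypair" (paramErr: error in user parameter list) UserInfo={NSDescription=failed to generate asymmetric keypair}
# Could it truly be this: https://forums.developer.apple.com/thread/107586
# i.e. that none of the Pythons I'm trying has a `com.apple.application-identifier` entitlement?
# FWIW I tried without including an application tag as well.
# NOTE(review): the entitlement explanation is the author's hypothesis and is
# not verified by anything in this script.
if private_key is None:
    raise RuntimeError("SecKeyCreateRandomKey failed: {}".format(error))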