Re: Exporting a public key from the secure enclave

  • Subject: Re: Exporting a public key from the secure enclave
  • From: Doug Hill <email@hidden>
  • Date: Mon, 15 May 2017 16:06:21 -0700

> On May 15, 2017, at 3:46 PM, Jens Alfke <email@hidden> wrote:
>
> Is there a specific reason you’re trying to work with the secure enclave directly, and not just the keychain?
>
> In my experience the Keychain APIs are mind-curdlingly horrible to work with, and the newer the feature you’re trying to use, the worse they get. Have you tried doing this stuff without getting the secure enclave involved?
>
> —Jens



The reason I'm using the secure enclave is because, as of iOS 9, you can create an EC key inside the enclave where the private key can't be copied. You are only able to perform cryptographic operations inside the secure enclave using these keys. Only the public key is exportable; no one can get access to the private key, even the user.

And yes, the Security framework APIs are pretty wonky, and require an intense amount of cryptographic knowledge to use correctly. But at this point the roadblocks I'm running into aren't dealing with the enclave, but trying to pass data from iOS to a Linux version of openssl. And that has complexity which is off the scale and has little to no documentation, especially when using EC keys. Not counting all the forked versions of openssl out there. Apple still uses 0.9.8 on macOS and the Linux server I'm working with has 1.0.1. And I see many Google search results for versions talking about features neither of these versions support. So maddening.

Apparently a number of people have made this all work, given the sample code and dev forum posts I'm reading, so I'll see if I can do the same. But I hear you, this is all pretty difficult to use.

Doug Hill
_______________________________________________

Cocoa-dev mailing list (email@hidden)
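
An added example, not part of the original post or of any code from the thread: one common stumbling block when handing an EC public key from iOS to OpenSSL is that `SecKeyCopyExternalRepresentation` returns the bare X9.63 point (`0x04 || X || Y`), while OpenSSL expects a DER/PEM SubjectPublicKeyInfo. The sketch below assumes the server receives that raw 65-byte P-256 point; the function names are hypothetical, and the sample input is constructed from the curve's base point.

```python
import base64

# NIST P-256 parameters: field prime p and coefficient b (a = -3).
P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B

# Fixed DER prefix of a SubjectPublicKeyInfo for id-ecPublicKey + prime256v1:
# SEQUENCE(89) { SEQUENCE(19) { OID, OID }, BIT STRING(66, 0 unused bits) ... }
SPKI_P256_PREFIX = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200")


def on_curve(x, y):
    """True if (x, y) satisfies y^2 = x^3 - 3x + b (mod p)."""
    return (y * y - (x * x * x - 3 * x + B)) % P == 0


def raw_point_to_pem(raw):
    """Wrap a raw uncompressed P-256 point in an OpenSSL-readable PEM."""
    if len(raw) != 65 or raw[0] != 0x04:
        raise ValueError("expected 65-byte uncompressed point (0x04 || X || Y)")
    x = int.from_bytes(raw[1:33], "big")
    y = int.from_bytes(raw[33:], "big")
    # Reject anything that is not a valid curve point before trusting it.
    if x >= P or y >= P or not on_curve(x, y):
        raise ValueError("point is not on P-256")
    b64 = base64.b64encode(SPKI_P256_PREFIX + raw).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return ("-----BEGIN PUBLIC KEY-----\n" + body +
            "\n-----END PUBLIC KEY-----\n")


# Constructed sample input: the P-256 base point G, standing in for a
# public key received from a device.
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
SAMPLE_RAW = b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big")

if __name__ == "__main__":
    print(raw_point_to_pem(SAMPLE_RAW), end="")
```

Saved to a file, the output can be inspected on the server with `openssl ec -pubin -in key.pem -text -noout`.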