Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
4.8k views
in Technique[技术] by (71.8m points)

ios - Does the flag kSecAttrAccessControl have an effect on the public key when generating the key pair using SecKeyGeneratePair?

I am creating a private/public key pair using the SecKeyGeneratePair method. To be able to do that, I create a parameter dictionary with kSecPrivateKeyAttrs and kSecPublicKeyAttrs. In kSecPrivateKeyAttrs and kSecPublicKeyAttrs (both dictionaries) I add kSecAttrAccessControl to set the protection level of the key (e.g. kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly).

var publicKey, privateKey: SecKey?            
let status = SecKeyGeneratePair(params as CFDictionary, &publicKey, &privateKey)

The generation of the keys succeeds, but it seems that adding kSecAttrAccessControl only affects the private key. Is this documented somewhere?



1 Answer

0 votes
by (71.8m points)

I couldn't find any documentation, but what you observe makes sense based on a few things:

  • Keychain APIs store secrets on Apple's platforms. The public key is not a secret. Only the private key is. So it makes sense that data protection would only apply to the private key.
  • The keychain on iOS is similar to Keychain Access on macOS. In Keychain Access, only private keys have access controls. See attached. That's for my distribution private key.

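One way to check the observation on a device, as an added example that is not code from the question or the answer: it passes the same access control object in both attribute dictionaries, then reads each stored key's attributes back and reports whether kSecAttrAccessControl is present. The application tags, the RSA 2048 key type and the empty flag set are assumptions, and it has to run inside an app with keychain access.

```swift
import Foundation
import Security

// Constructed application tags for this example (assumptions, not from the post).
let privateTag = "com.example.keys.demo.private".data(using: .utf8)!
let publicTag = "com.example.keys.demo.public".data(using: .utf8)!

// Access control object built from the protection class named in the question.
guard let access = SecAccessControlCreateWithFlags(
    kCFAllocatorDefault, kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, [], nil)
else { fatalError("SecAccessControlCreateWithFlags failed") }

// The same attributes, access control included, for both halves of the pair.
func keyAttrs(_ tag: Data) -> [String: Any] {
    return [kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag,
            kSecAttrAccessControl as String: access]
}
let params: [String: Any] = [
    kSecAttrKeyType as String: kSecAttrKeyTypeRSA,      // assumed key type
    kSecAttrKeySizeInBits as String: 2048,              // assumed key size
    kSecPrivateKeyAttrs as String: keyAttrs(privateTag),
    kSecPublicKeyAttrs as String: keyAttrs(publicTag)
]

var publicKey, privateKey: SecKey?
let status = SecKeyGeneratePair(params as CFDictionary, &publicKey, &privateKey)
guard status == errSecSuccess else { fatalError("SecKeyGeneratePair failed: \(status)") }

// Look the stored key up again and report whether its attributes carry an
// access control entry. Returns nil when the item cannot be read back.
func hasAccessControl(tag: Data, keyClass: CFString) -> Bool? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyClass as String: keyClass,
        kSecAttrApplicationTag as String: tag,
        kSecReturnAttributes as String: true
    ]
    var result: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &result) == errSecSuccess,
          let attrs = result as? [String: Any] else { return nil }
    return attrs[kSecAttrAccessControl as String] != nil
}

print("private:", hasAccessControl(tag: privateTag, keyClass: kSecAttrKeyClassPrivate) as Any)
print("public: ", hasAccessControl(tag: publicTag, keyClass: kSecAttrKeyClassPublic) as Any)
```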

