Hello All,
Has it been considered to implement an optional option to change the signature creation to only work if the device has a TPM/Secure Enclave? Otherwise you could still get the private key on a fully owned device. The risk of this is of course lower than event-based verification, but it would still improve security and use hardware encryption for what it was intended for.
For Android this would be as easy as checking the setIsStrongBoxBacked function when doing the KeyGenParameterSpec.Builder:
https://developer.android.com/reference/android/security/keystore/KeyGenParameterSpec.Builder#setIsStrongBoxBacked(boolean)
And for iOS it would mean changing the kSecAttrKeyType to kSecAttrKeyTypeEC and the kSecAttrTokenID to kSecAttrTokenIDSecureEnclave.
As mentioned in these documents:
https://developer.apple.com/documentation/security/ksecattrtokenidsecureenclave
https://medium.com/@alx.gridnev/ios-keychain-using-secure-enclave-stored-keys-8f7c81227f4
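As an added illustration of the Android half of this proposal (example code written for this thread, not taken from the project or from the poster), the following generates a P-256 signing key with setIsStrongBoxBacked(true) and refuses to fall back to a software key when the device has no StrongBox, then verifies where the key actually lives. The key alias is an assumed placeholder.

```kotlin
import android.os.Build
import android.security.keystore.KeyGenParameterSpec
import android.security.keystore.KeyInfo
import android.security.keystore.KeyProperties
import android.security.keystore.StrongBoxUnavailableException
import java.security.KeyFactory
import java.security.KeyPairGenerator
import java.security.PrivateKey
import java.security.spec.ECGenParameterSpec

// Generates a P-256 signing key that may only be created inside StrongBox.
// Returns null instead of silently creating a software- or TEE-backed key, so the
// caller can refuse to enrol a device that lacks a secure element.
fun generateStrongBoxSigningKey(alias: String = "example-signing-key"): PrivateKey? {
    // setIsStrongBoxBacked and StrongBoxUnavailableException exist from API 28 (Android 9).
    if (Build.VERSION.SDK_INT < Build.VERSION_CODES.P) return null
    val spec = KeyGenParameterSpec.Builder(
        alias, KeyProperties.PURPOSE_SIGN or KeyProperties.PURPOSE_VERIFY
    )
        .setAlgorithmParameterSpec(ECGenParameterSpec("secp256r1"))
        .setDigests(KeyProperties.DIGEST_SHA256)
        .setIsStrongBoxBacked(true)   // the option proposed above: require the secure element
        .build()
    val generator = KeyPairGenerator.getInstance(KeyProperties.KEY_ALGORITHM_EC, "AndroidKeyStore")
    return try {
        generator.initialize(spec)
        generator.generateKeyPair().private
    } catch (e: StrongBoxUnavailableException) {
        null   // no StrongBox on this device: do not create a weaker key instead
    }
}

// Confirms after generation that the key is hardware-backed. On API 31+ the security
// level distinguishes StrongBox from a plain TEE; older releases can only report
// "inside secure hardware", which is true for a TEE as well.
fun isStrongBoxBacked(key: PrivateKey): Boolean {
    val factory = KeyFactory.getInstance(key.algorithm, "AndroidKeyStore")
    val info = factory.getKeySpec(key, KeyInfo::class.java)
    return if (Build.VERSION.SDK_INT >= Build.VERSION_CODES.S) {
        info.securityLevel == KeyProperties.SECURITY_LEVEL_STRONGBOX
    } else {
        @Suppress("DEPRECATION")
        info.isInsideSecureHardware
    }
}
```

Treat a null return or a false check as "this device cannot meet the policy" rather than degrading to a software key, since that is the whole point of the option.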