agens-no / EllipticCurveKeyPair

Sign, verify, encrypt and decrypt using the Secure Enclave

Macos demo #14

Closed hfossli closed 7 years ago

swizzlr commented 7 years ago

@hfossli Appears to work on my machine:

SecItemCopyMatching: ["kcls": 0, "class": keys, "labl": "no.agens.sign.public", "r_Ref": true]
SecKeyGeneratePair: ["bsiz": 256, "type": "73", "private": ["u_AuthUI": u_AuthUIA, "tkid": com.apple.setoken, "labl": "no.agens.sign.private", "perm": true, "u_OpPrompt": "Sign transaction", "accc": <SecAccessControlRef: 0x600000031e60>], "public": ["labl": "no.agens.sign.public", "accc": <SecAccessControlRef: 0x600000037440>], "tkid": com.apple.setoken]
SecItemAdd: ["v_Ref": <SecKeyRef curve type: kSecECCurveSecp256r1, algorithm id: 3, key type: ECPublicKey, version: 4, block size: 256 bits, y: 49C90042215C3CC81CAAD169F5A0BFCAECAA74CD12D5A071D2747309E6AC3BE8, x: 5007AE4BEDF66A00AE65A2C771AD5ACDFA17B04625D2FEA0D85C87870067DBA4, addr: 0x1010192b0>, "class": keys, "labl": "no.agens.sign.public"]
SecItemCopyMatching: ["v_Ref": <SecKeyRef:('com.apple.setoken') 0x6040000c5780>, "class": keys, "r_Attributes": true]
SecItemCopyMatching: ["kcls": 1, "class": keys, "labl": "no.agens.sign.private", "agrp": "J8Z3TY4LS9.no.agens.Demo-macOS", "u_AuthCtx": <LAContext: 0x604000275940>, "r_Ref": true]
Signature verified
SecItemCopyMatching: ["v_Ref": <SecKeyRef curve type: kSecECCurveSecp256r1, algorithm id: 3, key type: ECPublicKey, version: 4, block size: 256 bits, y: 49C90042215C3CC81CAAD169F5A0BFCAECAA74CD12D5A071D2747309E6AC3BE8, x: 5007AE4BEDF66A00AE65A2C771AD5ACDFA17B04625D2FEA0D85C87870067DBA4, addr: 0x1010192b0>, "class": keys, "r_Data": true]

#! /bin/sh
echo 666f6f | xxd -r -p > dataToSign.dat
echo 3046022100cf9c6eac81f9ab94298da3de8aa178e3f469816a5597f4a41fb9d227ca7286c7022100e09650818742c366c23d3de79b8e31ea8eea9052d66b0863c38c391533230fda | xxd -r -p > signature.dat
cat > key.pem <<EOF
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUAeuS+32agCuZaLHca1azfoXsEYl
0v6g2FyHhwBn26RJyQBCIVw8yByq0Wn1oL/K7Kp0zRLVoHHSdHMJ5qw76A==
-----END PUBLIC KEY-----
EOF
/usr/local/opt/openssl/bin/openssl dgst -sha256 -verify key.pem -signature signature.dat dataToSign.dat
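The log and script in the comment above describe the same key twice (the `x`/`y` printed for the `SecKeyRef` and the PEM passed to `openssl`). The following Python is an added example, not part of the thread or of EllipticCurveKeyPair: it checks that both encodings are the same on-curve P-256 point and that the signature is strict DER with `r` and `s` in range. The function names are hypothetical, and it does not replace the `openssl dgst -verify` step.

```python
import base64
# NIST P-256 (secp256r1): field prime p, curve coefficient b, group order n.
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
N = 0xffffffff00000000ffffffffffffffffbce6faada7179e84f3b9cac2fc632551
# DER header of a P-256 SubjectPublicKeyInfo (id-ecPublicKey, prime256v1, BIT STRING).
SPKI_PREFIX = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200")
# Values copied from the comment above: PEM body, logged coordinates, signature.
PEM_BODY = ("MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEUAeuS+32agCuZaLHca1azfoXsEYl"
            "0v6g2FyHhwBn26RJyQBCIVw8yByq0Wn1oL/K7Kp0zRLVoHHSdHMJ5qw76A==")
LOG_X = "5007AE4BEDF66A00AE65A2C771AD5ACDFA17B04625D2FEA0D85C87870067DBA4"
LOG_Y = "49C90042215C3CC81CAAD169F5A0BFCAECAA74CD12D5A071D2747309E6AC3BE8"
SIG = bytes.fromhex("3046022100cf9c6eac81f9ab94298da3de8aa178e3f469816a5597f4a41fb9d227ca7286c7"
                    "022100e09650818742c366c23d3de79b8e31ea8eea9052d66b0863c38c391533230fda")

def spki_point(pem_body):
    """Return (x, y) from a P-256 SubjectPublicKeyInfo, rejecting anything else."""
    der = base64.b64decode(pem_body, validate=True)
    if len(der) != 91 or not der.startswith(SPKI_PREFIX) or der[26] != 0x04:
        raise ValueError("not an uncompressed P-256 public key")
    return int.from_bytes(der[27:59], "big"), int.from_bytes(der[59:91], "big")

def on_curve(x, y):  # y^2 = x^3 - 3x + b (mod p), both coordinates in range
    return 0 <= x < P and 0 <= y < P and (y * y - x * x * x + 3 * x - B) % P == 0

def key_matches_log(pem_body, x_hex, y_hex):
    """True if the PEM key is a valid point equal to the logged coordinates."""
    x, y = spki_point(pem_body)
    return on_curve(x, y) and (x, y) == (int(x_hex, 16), int(y_hex, 16))

def der_int(buf, off):
    """Read one positive, minimally encoded DER INTEGER; return (value, next offset)."""
    ln = buf[off + 1] if off + 2 <= len(buf) and buf[off] == 0x02 else 0
    body = buf[off + 2:off + 2 + ln]
    if not 1 <= ln <= 33 or len(body) != ln or body[0] & 0x80 or (ln > 1 and body[0] == 0 and body[1] < 0x80):
        raise ValueError("malformed, negative or non-minimal INTEGER")
    return int.from_bytes(body, "big"), off + 2 + ln

def ecdsa_sig(sig):
    """Parse SEQUENCE { r INTEGER, s INTEGER } strictly; require 1 <= r, s < n."""
    if len(sig) < 8 or sig[0] != 0x30 or sig[1] != len(sig) - 2:
        raise ValueError("bad SEQUENCE header")
    r, off = der_int(sig, 2)
    s, off = der_int(sig, off)
    if off != len(sig) or not (1 <= r < N and 1 <= s < N):
        raise ValueError("trailing bytes or r/s out of range")
    return r, s
if __name__ == "__main__":
    print(key_matches_log(PEM_BODY, LOG_X, LOG_Y), [hex(v) for v in ecdsa_sig(SIG)])
```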

hfossli commented 7 years ago

Awesome. What did you do wrt entitlements etc?

hfossli commented 7 years ago

Hey, thanks for testing. That console output is useful. Can you share with me?

I've got

swizzlr commented 7 years ago

All I think I did was update the code signing info. Didn't touch the entitlements.

os: 10.13.1
Mac: 2016 13" Touch Bar MBP

I suspect that's your issue – something to do with Secure Enclave. When I ran it, it asked for my fingerprint and did it all correctly.

hfossli commented 7 years ago

All right. Thanks for the input. I don't get it working on my end, but I will try on a different machine.

hfossli commented 7 years ago

Worked flawlessly when I tested on a Touch Bar MBP 🎉

swizzlr commented 7 years ago

Excellent!