agens-no / EllipticCurveKeyPair

Sign, verify, encrypt and decrypt using the Secure Enclave

Support application password #22

Open ma-pe opened 6 years ago

ma-pe commented 6 years ago

Hey, it's me again :-)

Still happily using the master-branch. Lately, I wanted to try the application password method for devices that haven't set fingerprint or passcode.

I added the flag .applicationPassword, resulting in: flags: EllipticCurveKeyPair.Device.hasSecureEnclave ? [.applicationPassword, .privateKeyUsage] : [.applicationPassword].

My understanding is that I'd have to provide the actual password to the LAContext before key creation. Something like this: context.setCredential("passwordFromServer".data(using: String.Encoding.utf8)!, type: LACredentialType.applicationPassword)

However, I don't pass the LAContext to key creation. With your API I can only provide it when decrypting or signing.
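The flow described in this comment, written out against the raw Security and LocalAuthentication frameworks rather than the EllipticCurveKeyPair API, as an added example that is not part of the original issue or the project's code. It assumes the context carrying the application password can be passed through kSecUseAuthenticationContext in the private key attributes at creation time and again on lookup and signing; the key tag, the placeholder password and the `useSecureEnclave` switch are illustrative (the page's own `EllipticCurveKeyPair.Device.hasSecureEnclave` would be the natural source for that switch).

```swift
import Foundation
import Security
import LocalAuthentication

/// Errors surfaced by this example (not part of the project).
enum AppPasswordKeyError: Error {
    case credentialRejected
    case accessControl(CFError?)
    case keyCreation(CFError?)
    case signing(CFError?)
}

/// Builds an LAContext that carries the application password as a credential.
/// The keychain never stores the password itself; every operation that touches
/// the key must be handed a context holding the same password.
func makeContext(applicationPassword: String) throws -> LAContext {
    let context = LAContext()
    guard let data = applicationPassword.data(using: .utf8),
          context.setCredential(data, type: .applicationPassword) else {
        throw AppPasswordKeyError.credentialRejected
    }
    return context
}

/// Creates an EC P-256 key pair whose private key is guarded by the application password.
/// With a Secure Enclave present the key is generated inside it and .privateKeyUsage is
/// required; otherwise it is a normal keychain item protected only by the password.
/// kSecAttrAccessibleWhenUnlockedThisDeviceOnly is used deliberately: unlike
/// WhenPasscodeSetThisDeviceOnly it does not require a device passcode, which is the
/// scenario the issue is about.
func createKey(tag: String, context: LAContext, useSecureEnclave: Bool) throws -> SecKey {
    var flags: SecAccessControlCreateFlags = [.applicationPassword]
    if useSecureEnclave { flags.insert(.privateKeyUsage) }

    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        flags,
        &error) else {
        throw AppPasswordKeyError.accessControl(error?.takeRetainedValue())
    }

    let privateKeyAttrs: [String: Any] = [
        kSecAttrIsPermanent as String: true,
        kSecAttrApplicationTag as String: Data(tag.utf8),
        kSecAttrAccessControl as String: access,
        // The point raised in the issue: the context holding the application
        // password is supplied at creation, not only at signing time.
        // (Assumption of this example: placing it in the private key attributes.)
        kSecUseAuthenticationContext as String: context,
    ]
    var attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecPrivateKeyAttrs as String: privateKeyAttrs,
    ]
    if useSecureEnclave {
        attributes[kSecAttrTokenID as String] = kSecAttrTokenIDSecureEnclave
    }
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw AppPasswordKeyError.keyCreation(error?.takeRetainedValue())
    }
    return key
}

/// Looks the private key up again on a later launch. The same application
/// password must be presented through the context; a wrong one makes the
/// lookup or the later signing fail instead of silently returning a key.
func loadKey(tag: String, context: LAContext) -> SecKey? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrApplicationTag as String: Data(tag.utf8),
        kSecReturnRef as String: true,
        kSecUseAuthenticationContext as String: context,
    ]
    var item: CFTypeRef?
    guard SecItemCopyMatching(query as CFDictionary, &item) == errSecSuccess,
          let found = item else { return nil }
    return (found as! SecKey)
}

/// ECDSA-SHA256 over the message; the SecKey already carries the context it was loaded with.
func sign(message: Data, with privateKey: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    guard let signature = SecKeyCreateSignature(
        privateKey, .ecdsaSignatureMessageX962SHA256, message as CFData, &error) else {
        throw AppPasswordKeyError.signing(error?.takeRetainedValue())
    }
    return signature as Data
}

/// Illustrative end-to-end use: the password comes from the user or, as in the issue,
/// from a server, and is presented both when the key is created and when it is used.
func demo(useSecureEnclave: Bool) throws {
    let tag = "com.example.app-password-key"   // placeholder tag
    let context = try makeContext(applicationPassword: "passwordFromServer")
    let key = try loadKey(tag: tag, context: context)
        ?? createKey(tag: tag, context: context, useSecureEnclave: useSecureEnclave)
    let signature = try sign(message: Data("hello".utf8), with: key)
    precondition(!signature.isEmpty)
}
```

Two caveats a practitioner will want: the SecAccessControl of a keychain item is fixed at creation, so changing or rotating the application password means deleting and regenerating the key rather than updating it; and because the password is never stored on the device, losing it loses the key, so an app that fetches the password from a server (as in the comment above) is trading device-local protection for a server-side dependency it must keep available.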

hfossli commented 6 years ago

Interesting. I didn't know you could pass a password. I thought it had to be done by the user the first time, upon key creation. If the API is limiting you, I am open to changing that. Let me know how it goes and please send me diffs :)

ma-pe commented 6 years ago

You can prompt the user to enter a password and use this as the application password. However, this is not automatically triggered by the key generation.

This is a good example for setting and getting secrets with .applicationPassword: https://macbirdie.net/2016/03/app-pwd

We don't need this at the moment. I just wanted to check how it works. Once we move forward in our development, I'll check back and try to help if we decide to use it.

hfossli commented 6 years ago

Thanks for sharing that useful article. I think, as you do, that changes are required in order to properly support this. I will have to think about this.

What needs to be considered

netgfx commented 3 years ago

Has this issue seen any progress? It seems like a really useful and popular feature, as apps like Revolut use that kind of flow as well: biometric or app password.

If it helps, there is an implementation here as well: https://github.com/algrid/keychain-sample/blob/master/keychain-sample/KeychainHelper.swift

hfossli commented 3 years ago

Yep. It is possible to do this using a custom LAContext and application password flag.

I have been working on a renewed API. You can check it out here. It also has support for React Native. ES256.zip