AccessControl for publicKey doesn't restrict to biometryCurrentSet flag

agens-no / EllipticCurveKeyPair

Sign, verify, encrypt and decrypt using the Secure Enclave

Other

708 stars 114 forks source link

AccessControl for publicKey doesn't restrict to biometryCurrentSet flag #52

Open romanbaitaliuk opened 3 years ago

romanbaitaliuk commented 3 years ago

Hi,

I've found your helper is really useful. Despite, I couldn't understand the AccessControl for publicKey. When I set it to [.biometryCurrentSet, .privateKeyUsage] it doesn't ask me to authenticate with FaceID/TouchID when encrypting data.

Do you know why is it happening?

I believe there is no point to have those flags when create KeyPair manager, we can just provide AccessControl for privateKey.

Thanks, Roman

hfossli commented 3 years ago

Simulator or device?

romanbaitaliuk commented 3 years ago

I've tried on real device.

hfossli commented 3 years ago

I agree with your point though I believed it would be the same for public key