Create access control with only [.privateKeyUsage]

[b00tsy]

Hi, thanks for providing this library. Makes my live less complicated :)

I have a follow up question on the matter of issue #15: I do as you suggest (using only .privateKeyUsage as flags, which results in that error: throw EllipticCurveKeyPair.Error.inconcistency(message: "Couldn't create access control flag. Keychain chokes if you try to create access control with only [.privateKeyUsage] on devices older than iOS 11 and macOS 10.13.x")

Is that meant to throw? I'm running this on iOS 12+ (getting it actually on iOS 14) and am wondering whether this should only throw for the iOS / macOS versions mentioned in the crash description.

Commenting those lines out that check if only .privateKeyUsage is set, everything works fine...

That's my code:

static let manager: EllipticCurveKeyPair.Manager = {
            let publicAccessControl = EllipticCurveKeyPair.AccessControl(protection: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, flags: [])
            let privateAccessControl = EllipticCurveKeyPair.AccessControl(protection: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly, flags: {
                return EllipticCurveKeyPair.Device.hasSecureEnclave ? [.privateKeyUsage] : []
            }())
            let config = EllipticCurveKeyPair.Config(
                publicLabel: "public",
                privateLabel: "private",
                operationPrompt: "",
                publicKeyAccessControl: publicAccessControl,
                privateKeyAccessControl: privateAccessControl,
                token: .secureEnclaveIfAvailable)
            return EllipticCurveKeyPair.Manager(config: config)
        }()

Originally posted by @b00tsy in https://github.com/agens-no/EllipticCurveKeyPair/issues/15#issuecomment-773923637

[hfossli]

Not sure. I'll keep this in mind next time I make a change. Please fork in the meantime.

[DanboDuan]

see this pr https://github.com/agens-no/EllipticCurveKeyPair/pull/62

[hfossli-agens]

👏