Open rakesh1988 opened 5 years ago
I'm curious about how this will look, but I worry about adding APIs that are only supported on one platform:
Is this actually possible? From what I read in the documentation, it seems like you can't store existing keys in the Secure Enclave. You'd have to generate a new one inside it and sign/encrypt with the APIs exposed from the Secure Enclave.
> Can't import preexisting keys. You must create keys directly inside the Secure Enclave. Not having a mechanism to transfer key data into or out of the Secure Enclave is fundamental to its security.
I wish this wasn't the case, because I would also be happy to add keys created in my app to the Secure Enclave instead of the normal keychain.
Regarding these two questions, though:
- we don't have an equivalent concept for Windows or Linux, so what happens if those users try and call that API?
You could make the API a no-op on other platforms, or throw an error if a user tries to call it on another platform.
- what about on macOS environments where the secure enclave isn't available?
This is a bit of a problem since there's no API to check this (for some reason). One option is to try creating a key and handle error code -4 (no Secure Element) accordingly. Another solution is to check whether the device supports biometrics (Touch ID/Face ID) and whether it is a simulator, since all Apple devices that currently have biometrics also have a Secure Element.
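To make the two detection strategies in the comment above concrete, here is an added Swift example (not code from node-keytar or keeweb) that generates a P-256 key inside the Secure Enclave with the Security framework, maps the -4 failure (`errSecUnimplemented`, "Function or operation not implemented") to a "no Secure Element" result as the comment describes, applies the biometrics/simulator heuristic, and signs a message with the resulting key so nothing but the SecKey reference ever leaves the enclave. The application tag and message are constructed values; the mapping of -4 to "no Secure Element" is taken from the comment, not from Apple documentation.

```swift
import Foundation
import Security
import LocalAuthentication

/// Outcomes of trying to use the Secure Enclave on this machine.
enum SecureEnclaveError: Error {
    case simulator                     // no Secure Element exists in the simulator
    case notPresent                    // SecKeyCreateRandomKey failed with errSecUnimplemented (-4)
    case accessControl(Error)          // SecAccessControlCreateWithFlags failed
    case keyGeneration(OSStatus, String)
}

/// Heuristic from the thread: a simulator never has a Secure Element, and every Apple
/// device that ships biometrics (Touch ID/Face ID) also ships a Secure Element.
/// Cheap pre-check only; the authoritative test is still to try creating a key.
func looksLikeSecureEnclaveHardware() -> Bool {
    #if targetEnvironment(simulator)
    return false
    #else
    var error: NSError?
    return LAContext().canEvaluatePolicy(.deviceOwnerAuthenticationWithBiometrics, error: &error)
    #endif
}

/// Generates a persistent P-256 private key inside the Secure Enclave under `tag`.
/// The private key material is never exposed; callers only get a SecKey handle.
func createSecureEnclaveKey(tag: String) throws -> SecKey {
    #if targetEnvironment(simulator)
    throw SecureEnclaveError.simulator
    #else
    var cfError: Unmanaged<CFError>?
    // Private key usable only while the device is unlocked and never migrated to another device.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .privateKeyUsage,
        &cfError
    ) else {
        throw SecureEnclaveError.accessControl(cfError!.takeRetainedValue() as Error)
    }

    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,   // this is what puts the key in the enclave
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: Data(tag.utf8),
            kSecAttrAccessControl as String: access,
        ],
    ]

    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &cfError) else {
        let err = cfError!.takeRetainedValue()
        let code = OSStatus(CFErrorGetCode(err))
        // Per the thread: -4 (errSecUnimplemented) is what a Mac without a Secure Element returns.
        if code == errSecUnimplemented {
            throw SecureEnclaveError.notPresent
        }
        throw SecureEnclaveError.keyGeneration(code, CFErrorCopyDescription(err) as String)
    }
    return key
    #endif
}

/// Signs `message` with the enclave-resident key; the enclave hashes and signs internally.
func sign(message: Data, with key: SecKey) throws -> Data {
    var cfError: Unmanaged<CFError>?
    guard let signature = SecKeyCreateSignature(
        key, .ecdsaSignatureMessageX962SHA256, message as CFData, &cfError
    ) else {
        throw cfError!.takeRetainedValue() as Error
    }
    return signature as Data
}

// Constructed usage: tag and message are illustrative values.
print("biometrics heuristic says Secure Enclave likely:", looksLikeSecureEnclaveHardware())
do {
    let key = try createSecureEnclaveKey(tag: "com.example.secure-enclave-demo")
    let signature = try sign(message: Data("hello enclave".utf8), with: key)
    print("signed \(signature.count)-byte DER ECDSA signature with an enclave key")
} catch SecureEnclaveError.notPresent {
    print("no Secure Element on this machine (errSecUnimplemented); fall back to the regular keychain")
} catch SecureEnclaveError.simulator {
    print("running in the simulator; Secure Enclave unavailable")
} catch {
    print("Secure Enclave key creation failed:", error)
}
```

Two caveats for anyone wiring this into a native module: on macOS, Secure Enclave key creation requires the calling binary to be code-signed with an application identifier, which is an extra hurdle for an addon loaded into a stock `node` binary, and the biometrics heuristic is only a pre-check; the `SecKeyCreateRandomKey` attempt is what actually tells you whether the enclave can be used.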
It would be great if this feature were supported by node-keytar; here is some work from keeweb regarding it:
Does it make sense to add support for storing keys in the Secure Enclave on new MacBook Pros? I will be more than happy to add this feature with some guidance. Thanks