jorgelbg / pinentry-touchid

Custom GPG pinentry program for macOS that allows using Touch ID for fetching the password from the macOS keychain.
Apache License 2.0
560 stars, 27 forks

Store the password in the Secure enclave #2

Closed jorgelbg closed 3 years ago

jorgelbg commented 3 years ago

It would be nice to store the password in the Secure Enclave similar to how https://github.com/maxgoedjen/secretive does.

I didn't find a Golang library that allowed this and for now it is stored as an issue/would be nice to have at some point. This would also imply not being compatible with the normal pinentry-mac.

jorgelbg commented 3 years ago

This seems to not be possible currently:

> The only keychain items supported by the Secure Enclave are 256-bit elliptic curve private keys (those that have key type `kSecAttrKeyTypeEC`).

from https://developer.apple.com/documentation/security/ksecattrtokenidsecureenclave.