Closed IldarAbdullin-okta closed 5 years ago
Do you also want to provide an API for the unlock and this device only permissions to prevent backup? And while thinking about it RSA versus EC because only EC is run in the Secure Enclave.
Challenge about when to allow access is with the Apple Watch. You might often use the Apple Watch before the phone has ever been unlocked.
Looks pretty good otherwise.
Accessibility to a stored keychain item is controlled by the accessibility parameter. You as a developer can override the default value when calling the set: API. The default value is kSecAttrAccessibleWhenUnlockedThisDeviceOnly, which I think is the most secure setting (no backups, no background access).
Scope for the beta:
@marcpowell-okta, @tbelote-okta, please review
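The accessibility override discussed in this thread, as an added example that is not the project's own code: it calls the Security framework directly rather than the wrapper's set: API, stores one item with the default class and one with a background-readable class, and reads back the class the keychain recorded. The helper names `storeItem` and `accessibility`, the `KeychainError` type, and the service and account strings are assumptions made for illustration.

```swift
import Foundation
import Security

// Hypothetical helpers; service/account strings below are constructed sample values.
enum KeychainError: Error { case status(OSStatus) }

/// Store `data` as a generic password with an explicit accessibility class.
func storeItem(_ data: Data, account: String, service: String,
               accessibility: CFString = kSecAttrAccessibleWhenUnlockedThisDeviceOnly) throws {
    let base: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
    ]
    // Delete any existing item first so a stale, weaker accessibility class is not kept.
    let del = SecItemDelete(base as CFDictionary)
    guard del == errSecSuccess || del == errSecItemNotFound else { throw KeychainError.status(del) }

    var attrs = base
    attrs[kSecValueData as String] = data
    attrs[kSecAttrAccessible as String] = accessibility
    let status = SecItemAdd(attrs as CFDictionary, nil)
    guard status == errSecSuccess else { throw KeychainError.status(status) }
}

/// Read back the accessibility class the keychain actually recorded for an item.
func accessibility(account: String, service: String) throws -> String? {
    let query: [String: Any] = [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: service,
        kSecAttrAccount as String: account,
        kSecReturnAttributes as String: true,
        kSecMatchLimit as String: kSecMatchLimitOne,
    ]
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess else { throw KeychainError.status(status) }
    return (result as? [String: Any])?[kSecAttrAccessible as String] as? String
}

// Default class: readable only while the device is unlocked, not migrated to another device.
try storeItem(Data("token".utf8), account: "demo-user", service: "com.example.demo")
// Readable in the background after the first unlock since boot, still device-bound.
try storeItem(Data("token".utf8), account: "demo-bg", service: "com.example.demo",
              accessibility: kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly)
print(try accessibility(account: "demo-user", service: "com.example.demo") ?? "not found")
```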