The sample code currently shows only the TouchID use case, even though the implementation of KeyInterface has a generatePasscodeKeyPair method; that method is not exposed publicly.
As far as I understand it (correct me if I'm wrong), you can also use the passcode as authentication to protect the private key. The private key will still be non-extractable and stored in the secure enclave. The main drawback I see here is that, when using the device passcode instead of TouchID, the passcode is entered by the user through a UI and thus passes through the user space and kernel space, whereas the TouchID interaction will remain completely in the secure enclave.
I think you should either mention this as a (less secure) option or drop the generatePasscodeKeyPair method in the implementation altogether.
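For reference, the two options discussed in this issue differ only in the access-control flag attached to the private key when it is generated. The following is an added sketch, not code from the project or from the poster; `KeyProtection`, `makeEnclaveKey` and the `tag` parameter are hypothetical names chosen for illustration.

```swift
import Foundation
import Security

// Hypothetical selector for the two protection modes discussed above.
enum KeyProtection {
    case biometry   // TouchID-style: key use gated by a biometric match
    case passcode   // key use gated by the device passcode
}

// Generates a P-256 key pair whose private key is created inside the
// Secure Enclave and is never exportable, in either mode.
func makeEnclaveKey(tag: String, protection: KeyProtection) throws -> SecKey {
    // .privateKeyUsage is required for Secure Enclave keys; the second
    // flag is the only difference between the two variants.
    let flags: SecAccessControlCreateFlags =
        protection == .biometry
            ? [.privateKeyUsage, .biometryAny]
            : [.privateKeyUsage, .devicePasscode]

    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        // Key exists only while a passcode is set, and never leaves this device.
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        flags,
        &error
    ) else {
        throw error!.takeRetainedValue() as Error
    }

    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: Data(tag.utf8),
            kSecAttrAccessControl as String: access
        ]
    ]

    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}
```

Key generation with `kSecAttrTokenIDSecureEnclave` only succeeds on hardware that has a Secure Enclave, so this fails in the simulator.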