hfossli
commented
7 years ago I think the new api I've provided in swift adresses this in a good way. Let me know what you think.
Closed suzukieng closed 7 years ago
hfossli
commented
7 years ago I think the new api I've provided in swift adresses this in a good way. Let me know what you think.
hfossli
commented
7 years ago Feel free to reopen if you feel this isn't addressed in the swift api.
The sample code currently shows only the TouchID use case, even though in the implementation of KeyInterface there is a generatePasscodeKeyPair method, but it is not exposed publicly.
As far as I understand it (correct me if I'm wrong), you can also use the passcode as authentication to protect the private key. The private key will still be non-extractable and stored in the secure enclave. The main drawback I see here is that by using the device passcode instead of TouchID is that the passcode is entered by the user through a UI and thus passes through the user space and kernel space, whereas the TouchID interaction will remain completely in the secure enclave.
I think you should either mention this as a (less secure) option or drop the generatePasscodeKeyPair method in the implementation altogether.