How to get information about a key?

MiSimon, Member


I am trying to store a key in the Secure Enclave, following the Apple article.

I use this piece of code to add the SecAccessControl object to the key attributes:

    SecAccessControl secAccessControl = new SecAccessControl(SecAccessible.WhenPasscodeSetThisDeviceOnly, SecAccessControlCreateFlags.PrivateKeyUsage);

valueBuilder is an IList used to build a list of values from which I construct an NSDictionary.

The final attributes for the key are:

    bsiz = 256;
    private =     {
        accc = "<SecAccessControlRef: 0x111a04a30>";
        atag = <444d4b>;
        pdmn = akpu;
        perm = 1;
    };
    tkid = "";
    type = 73;

Generating the key with

    SecKey privateKey = SecKey.CreateRandomKey(keyAttributes, out NSError errCode);

works; I can use this key for decryption and encryption.

    // Look up the stored key by its application tag
    SecRecord record = SecKeyChain.QueryAsRecord(new SecRecord(SecKind.Key)
    {
        ApplicationTag = Alias
    }, out SecStatusCode errCode);
    var dict = record.ToDictionary();

returns an NSObject ("" for dict["accc"]), but I don't know how to get the flags from this object or how to cast it back to a SecAccessControl.

My question is: how can I get the information about which SecAccessible flag was used to create a key?


  • MiSimon, Member

    Found the/an answer but it led to another question...


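        // Native handle of the object stored under the access-control attribute
        var handle = dict[IOSConstants.Preloaded.constKSecAttrAccessControl].Handle;
        // Look up a non-public SecAccessControl constructor whose first parameter is an IntPtr
        var constructors = typeof(SecAccessControl).GetConstructors(System.Reflection.BindingFlags.Instance | System.Reflection.BindingFlags.NonPublic);
        // FirstOrDefault() on the parameters avoids an IndexOutOfRangeException for a parameterless constructor
        var ctor = constructors.Where(c => c.GetParameters().FirstOrDefault()?.ParameterType == typeof(IntPtr)).FirstOrDefault();
        var ctorResult = ctor?.Invoke(new object[] { handle }) as SecAccessControl;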

    I get an instance of SecAccessControl but the Accessible Property is set to Security.SecAccessible.WhenUnlocked and the flags are 0.

    Is there any other way to get the information, or does iOS use these values every time you store a key in the Secure Enclave, ignoring the parameters used for SecKey.CreateRandomKey?
