Generate EC keypair for iOS in NativeScript plugin

plugins
ios

#1

Is it really a problem?

Beforehand, I searched for similar questions on SO, GitHub and in this forum. I already tried to get an answer to this on SO, but until today nobody responded, unfortunately. My problem is not a bug, I just hope to get some help in this cryptographic topic.

Which platform(s) does your issue occur on?

iOS

Please provide the following version numbers that your issue occurs with:

CLI: 3.2.1
Cross-platform modules: 3.3.0
Runtime(s): both 3.0.0
Plugin(s): 

Please describe your issue in as much detail as possible.

I want to generate elliptic curve keys using the keychain API of iOS in my NS plugin. Those should be used for signature creation and verification. Unfortunately I am not able to succeed.

Is there code involved? If so, please share the minimal amount of code needed to recreate the problem.

Following the docs of Apple I tried to generate new keys like this:

const privTagData = NSString.stringWithString("my.tag.private")
        .dataUsingEncoding(NSUTF8StringEncoding);
const params: NSMutableDictionary<string, any> = 
        NSMutableDictionary.new<string, any>();
params.setValueForKey(kSecAttrKeyTypeECSECPrimeRandom, kSecAttrKeyType);
params.setValueForKey(NSNumber.numberWithInt(256), kSecAttrKeySizeInBits);
const privAttrs: NSMutableDictionary<string, any> = 
        NSMutableDictionary.new<string, any>();
privAttrs.setValueForKey(kCFBooleanTrue, kSecAttrIsPermanent);
privAttrs.setValueForKey(privTagData, kSecAttrApplicationTag);
params.setObjectForKey(privAttrs, kSecPrivateKeyAttrs);
const error = new interop.Reference<NSError>();
const secKey = SecKeyCreateRandomKey(params, error);

Unfortunately this always returns -50 as error which means that my parameters are not valid. But I do not know which one is invalid.
If I comment out the line with the kSecAttrIsPermanent attribute, it works and generates an opaque elliptic curve private key which is not stored to the keychain implicitly. But then again, I am not able to store the key via SecItemAdd into the keychain, because it returns error -50 when doing so.

Hopefully someone has already done this and succeeded, or is able to give me a hint if I made any error. Looking forward to any valuable comment. Thank you very much.

Kind regards, David


#2

To refer to a given solution, take a look at my answer in the following GitHub issue: https://github.com/NativeScript/NativeScript/issues/5133

Best regards,
David