Is it really a problem?
Aforegoing, I searched for similar questions on SO, Github and in this forum. I already tried to get an answer to this on SO, but until today nobody responded, unfortunately. My problem is not a bug, I just hope to get some help in this cryptographic topic.
Which platform(s) does your issue occur on?
Please provide the following version numbers that your issue occurs with:
CLI: 3.2.1 Cross-platform modules: 3.3.0 Runtime(s): both 3.0.0 Plugin(s):
Please describe your issue in as much detail as possible.
I want to generate elliptic curve keys using the keychain API of iOS in my NS plugin. Those should be used for signature creation and verification. Unfortunately I am not able to succeed.
Is there code involved? If so, please share the minimal amount of code needed to recreate the problem.
Following the docs of Apple I tried to generate new keys like this:
const privTagData = NSString.stringWithString("my.tag.private") .dataUsingEncoding(NSUTF8StringEncoding); const params: NSMutableDictionary<string, any> = NSMutableDictionary.new<string, any>(); params.setValueForKey(kSecAttrKeyTypeECSECPrimeRandom, kSecAttrKeyType); params.setValueForKey(NSNumber.numberWithInt(256), kSecAttrKeySizeInBits); const privAttrs: NSMutableDictionary<string, any> = NSMutableDictionary.new<string, any>(); privAttrs.setValueForKey(kCFBooleanTrue, kSecAttrIsPermanent); privAttrs.setValueForKey(privTagData, kSecAttrApplicationTag); params.setObjectForKey(privAttrs, kSecPrivateKeyAttrs); const error = new interop.Reference<NSError>(); const secKey = SecKeyCreateRandomKey(params, error);
Unfortunately this always returns -50 as error which means that my parameters are not valid. But I do not know which one is invalid.
If I comment the line with the
kSecAttrIsPermanent attribute, it works and generates an opague elliptic curve private key which is not stored to the keychain implicitly. But then again, I am not able to store the key via
SecItemAdd into the keychain, because it returns error -50 when doing so.
Hopefully anyone has already done this and succeeded, or is able to give me a hint if I made any error. Looking forward for any valuable comment. Thank you very much.
Kind regards, David