我想知道是否有人知道是否可以在安全飞地内创建 key 之后更新标志? 以下是我创建 key 的方法:
let access = SecAccessControlCreateWithFlags(kCFAllocatorDefault,
kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
[SecAccessControlCreateFlags.userPresence,
SecAccessControlCreateFlags.privateKeyUsage],
nil)!
let attributes: [String: Any] = [
kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
kSecAttrKeySizeInBits as String: 256,
kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
kSecPrivateKeyAttrs as String: [
kSecAttrIsPermanent as String: true,
kSecAttrApplicationTag as String: "stacksometimesoverflow",
kSecAttrAccessControl as String: access
]
]
var error: Unmanaged<CFError>?
guard SecKeyCreateRandomKey(attributes as CFDictionary, &error) != nil else {
throw error!.takeRetainedValue() as Error
}
如您所见, key 是用
创建的SecAccessControlCreateFlags.userPresence, SecAccessControlCreateFlags.privateKeyUsage
我的问题是,是否可以更新 key 的访问标志(相同 key ),假设我想删除SecAccessControlCreateFlags.userPresence
祝一切顺利!
约翰尼
最佳答案
我认为这是不可能的。根据Apple's documentation :
... because its backing storage is physically part of the Secure Enclave, you can never inspect the key’s data.
我认为最好的方法是使用 SecItemDelete(_:)
删除 key ,然后创建不带 .userPresence
标志的新 key 。
关于ios - 安全飞地 : update SecAccessControlCreateFlags after key creation,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/53796228/