如果仅在设备上设置了设备代码,iOS无法创建私钥吗? [英] IOS not able to create privatekey if only devicecode is set on device?
问题描述
我试图生成一个私钥,该私钥仅在使用设备代码或当前使用的生物特征识别集(已在设备上注册)时才可访问.
当我在设备上注册了一根手指时,它可以正常工作.但是,如果我删除注册的"touchid-finger",并尝试生成新密钥,则它将返回nil
错误代码为-25293
代码示例:
func generateKey()->SecKey?{var错误:不受管< CFError> ;?让accessControl = SecAccessControlCreateWithFlags(kCFAllocatorDefault,kSecAttrAccessibleWhenUnlockedThisDeviceOnly,[.devicePasscode,.or,.biometryCurrentSet],零)let attribute:[String:Any] = [kSecAttrType as String:kSecAttrKeyTypeRSA,kSecAttrKeySizeInBits as String:4096,kSecPrivateKeyAttrs作为字符串:[kSecAttrIsPermanent:true,kSecAttrCanSign:是的,kSecAttrApplicationTag:"yes.its.my.tag",kSecAttrAccessControl:accessControl!]]让privateKey = SecKeyCreateRandomKey(归因于CFDictionary,& error)if(error!= nil || privateKey == nil){fatalError(爆炸小猫")}返回privateKey}
fyi.它实际上可以在模拟器上运行,但不能在真实设备上运行.
我做错什么了吗?这按预期工作吗?是虫子吗?(很多问题:D)
"问题与项目的/created/创建方式有关,而这并不是这些标志所控制的.
实际上,要使.biometryCurrentSet在使用时具有任何含义,实际上在创建时实际上必须有一组当前的生物识别信息,我认为这是errSecAuthFailed的来源.
如果没有可用的生物识别信息,我的建议是手动退回到仅使用.devicePasscode.两种方式:A.捕获错误并重试B.使用LocalAuthentication框架对请求进行预检.
苹果说不能做:D
Im trying to generate a privatekey that only is accessible when either devicecode or current set of biometrics( that is already registered on device) is used.
It works when i have a finger registered on device, then its all good. But if i delete my registered "touchid-finger", and try to generate a new key, then it returns nil
Errorcode is -25293
Code example:
func generateKey() -> SecKey?{
var error: Unmanaged<CFError>?
let accessControl = SecAccessControlCreateWithFlags(
kCFAllocatorDefault,
kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
[.devicePasscode,.or,.biometryCurrentSet],
nil)
let attributes:[String : Any] = [kSecAttrType as String: kSecAttrKeyTypeRSA,
kSecAttrKeySizeInBits as String:4096,
kSecPrivateKeyAttrs as String: [
kSecAttrIsPermanent:true,
kSecAttrCanSign: true,
kSecAttrApplicationTag: "yes.its.my.tag",
kSecAttrAccessControl:accessControl!]]
let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error)
if(error != nil || privateKey == nil) {
fatalError("explode Kittens")
}
return privateKey
}
fyi.Its actually works on simulators but not on real devices.
Am i doing something wrong? Is this working as intended? is it a bug? (sooo many questions :D )
"The problem relates to how the item is /created/, and that’s not what these flags control.
Indeed, for .biometryCurrentSet to have any meaning at the time of use, there must actually be a current set of biometrics at the time of creation, and I think that’s the source of the errSecAuthFailed.
My recommendation is manually fall back to using just .devicePasscode if there’s no biometrics available. Two ways: A. Catch the error and retry B. Preflight the request using the LocalAuthentication framework."
Apple says no can do :D
这篇关于如果仅在设备上设置了设备代码,iOS无法创建私钥吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!