如果仅在设备上设置了设备代码，iOS无法创建私钥吗? [英] IOS not able to create privatekey if only devicecode is set on device?

问题描述

我试图生成一个私钥，该私钥仅在使用设备代码或当前使用的生物特征识别集(已在设备上注册)时才可访问.

当我在设备上注册了一根手指时，它可以正常工作.但是，如果我删除注册的"touchid-finger"，并尝试生成新密钥，则它将返回nil

错误代码为-25293

代码示例:

  func generateKey()->SecKey?{var错误:不受管< CFError> ;?让accessControl = SecAccessControlCreateWithFlags(kCFAllocatorDefault，kSecAttrAccessibleWhenUnlockedThisDeviceOnly，[.devicePasscode，.or，.biometryCurrentSet]，零)let attribute:[String:Any] = [kSecAttrType as String:kSecAttrKeyTypeRSA，kSecAttrKeySizeInBits as String:4096，kSecPrivateKeyAttrs作为字符串:[kSecAttrIsPermanent:true，kSecAttrCanSign:是的，kSecAttrApplicationTag:"yes.its.my.tag"，kSecAttrAccessControl:accessControl！]]让privateKey = SecKeyCreateRandomKey(归因于CFDictionary，& error)if(error！= nil || privateKey == nil){fatalError(爆炸小猫")}返回privateKey} 

fyi.它实际上可以在模拟器上运行，但不能在真实设备上运行.

我做错什么了吗?这按预期工作吗?是虫子吗?(很多问题:D)

解决方案

"问题与项目的/created/创建方式有关，而这并不是这些标志所控制的.

实际上，要使.biometryCurrentSet在使用时具有任何含义，实际上在创建时实际上必须有一组当前的生物识别信息，我认为这是errSecAuthFailed的来源.

如果没有可用的生物识别信息，我的建议是手动退回到仅使用.devicePasscode.两种方式:A.捕获错误并重试B.使用LocalAuthentication框架对请求进行预检.

苹果说不能做:D

Im trying to generate a privatekey that only is accessible when either devicecode or current set of biometrics( that is already registered on device) is used.

It works when i have a finger registered on device, then its all good. But if i delete my registered "touchid-finger", and try to generate a new key, then it returns nil

Errorcode is -25293

Code example:

func generateKey() -> SecKey?{
    var error: Unmanaged<CFError>?
    let accessControl = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault,
            kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
            [.devicePasscode,.or,.biometryCurrentSet],
            nil)

    let attributes:[String : Any] = [kSecAttrType as String: kSecAttrKeyTypeRSA,
    kSecAttrKeySizeInBits as String:4096,
    kSecPrivateKeyAttrs as String: [
      kSecAttrIsPermanent:true,
      kSecAttrCanSign: true,
      kSecAttrApplicationTag: "yes.its.my.tag",
      kSecAttrAccessControl:accessControl!]]
      let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error)
     if(error != nil || privateKey == nil) {
      fatalError("explode Kittens")
     }
     return privateKey
}

fyi.Its actually works on simulators but not on real devices.

Am i doing something wrong? Is this working as intended? is it a bug? (sooo many questions :D )

解决方案

"The problem relates to how the item is /created/, and that’s not what these flags control.

Indeed, for .biometryCurrentSet to have any meaning at the time of use, there must actually be a current set of biometrics at the time of creation, and I think that’s the source of the errSecAuthFailed.

My recommendation is manually fall back to using just .devicePasscode if there’s no biometrics available. Two ways: A. Catch the error and retry B. Preflight the request using the LocalAuthentication framework."

Apple says no can do :D

这篇关于如果仅在设备上设置了设备代码，iOS无法创建私钥吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！