This repository was archived by the owner on Mar 28, 2023. It is now read-only.

encrypting/decrypting #13

@paleozogt


According to Working with Secure Enclave, we can use kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM to do AES/GCM with a symmetric key that's wrapped by asymmetric (ECIES) encryption.

In investigating this, I added the following to generateKeyPairWithAccessControlObject of SecureEnclaveObjective-C:

  // kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM uses kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1
  BOOL canKeyExchange = SecKeyIsAlgorithmSupported(privateKeyRef,
                                                   kSecKeyOperationTypeKeyExchange,
                                                   kSecKeyAlgorithmECDHKeyExchangeCofactorX963SHA1);
  NSLog(@"canKeyExchange %d", canKeyExchange);
    
  BOOL canEncrypt = SecKeyIsAlgorithmSupported(publicKeyRef,
                                               kSecKeyOperationTypeEncrypt,
                                               kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM);
  NSLog(@"canEncrypt %d", canEncrypt);
    
  BOOL canDecrypt = SecKeyIsAlgorithmSupported(privateKeyRef,
                                               kSecKeyOperationTypeDecrypt,
                                               kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM);
  NSLog(@"canDecrypt %d", canDecrypt);

which shows

canKeyExchange 1
canEncrypt 1
canDecrypt 0

I'm rather baffled by this-- how can encryption be supported while decryption isn't?
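
An added example, not part of the issue or the repository's code: the same capability checks used as a guard before an ECIES round trip through `SecKeyCreateEncryptedData` and `SecKeyCreateDecryptedData`. It assumes a transient software P-256 key so that it runs without a Secure Enclave, and the helper name `ECIESRoundTrip` is hypothetical.

```objc
// Added example. Build on macOS with:
//   clang -fobjc-arc ecies.m -framework Foundation -framework Security
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical helper: encrypts with the public key, decrypts with the private key.
// Returns the recovered plaintext, or nil if a check or an operation fails.
static NSData *ECIESRoundTrip(NSData *plaintext, NSError **error) {
    SecKeyAlgorithm alg = kSecKeyAlgorithmECIESEncryptionCofactorX963SHA256AESGCM;
    CFErrorRef cfErr = NULL;
    NSData *result = nil;

    // Assumption: software key. A Secure Enclave key would add
    // kSecAttrTokenID = kSecAttrTokenIDSecureEnclave plus access control.
    NSDictionary *attrs = @{
        (id)kSecAttrKeyType: (id)kSecAttrKeyTypeECSECPrimeRandom,
        (id)kSecAttrKeySizeInBits: @256,
    };
    SecKeyRef priv = SecKeyCreateRandomKey((__bridge CFDictionaryRef)attrs, &cfErr);
    SecKeyRef pub = priv ? SecKeyCopyPublicKey(priv) : NULL;

    // Check each direction on the key that performs it before calling it.
    if (pub &&
        SecKeyIsAlgorithmSupported(pub, kSecKeyOperationTypeEncrypt, alg) &&
        SecKeyIsAlgorithmSupported(priv, kSecKeyOperationTypeDecrypt, alg)) {
        NSData *ct = CFBridgingRelease(
            SecKeyCreateEncryptedData(pub, alg, (__bridge CFDataRef)plaintext, &cfErr));
        if (ct) {
            // AES-GCM tag verification happens here; tampered data yields NULL.
            result = CFBridgingRelease(
                SecKeyCreateDecryptedData(priv, alg, (__bridge CFDataRef)ct, &cfErr));
        }
    }
    if (cfErr) { NSError *e = CFBridgingRelease(cfErr); if (error) *error = e; }
    if (pub) CFRelease(pub);
    if (priv) CFRelease(priv);
    return result;
}

int main(void) {
    @autoreleasepool {
        NSError *err = nil;
        // Constructed sample input.
        NSData *msg = [@"constructed sample message" dataUsingEncoding:NSUTF8StringEncoding];
        NSData *out = ECIESRoundTrip(msg, &err);
        if ([out isEqualToData:msg]) NSLog(@"round trip ok");
        else NSLog(@"round trip failed or unsupported: %@", err);
    }
    return 0;
}
```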
