multipaz/org.multipaz.securearea/SecureEnclaveSecureArea

SecureEnclaveSecureArea

An implementation of SecureArea using the Apple Secure Enclave.

This implementation uses CryptoKit and only supports EcCurve.P256. Keys can optionally be protected by user authentication which can be specified using SecureEnclaveUserAuthType and SecureEnclaveCreateKeySettings.

Note that this platform automatically displays authentication dialogs when a key is used (if needed) unlike other SecureArea dialogs where the application is expected to show authentication dialogs via catching KeyUnlockData, preparing a KeyUnlockData, obtaining authentication, and then retrying the operation.

The behavior (for example, which message to show the user) of the platform native authentication dialog can be customized by passing a SecureEnclaveKeyUnlockData with a suitable LAContext object when the key is used. Note that the platform native authentication dialog will show even if this is not done.

As the Secure Enclave does not current support key attestation, the base KeyAttestation object is used.

Types

Companion

object Companion

Properties

displayName

open val displayName: String

identifier

open val identifier: String

supportedAlgorithms

open val supportedAlgorithms: List<<Error class: unknown class>>

Functions

createKey

open suspend fun createKey(alias: String?, createKeySettings: <Error class: unknown class>): <Error class: unknown class>

deleteKey

open suspend fun deleteKey(alias: String)

getKeyInfo

open suspend fun getKeyInfo(alias: String): <Error class: unknown class>

getKeyInvalidated

open suspend fun getKeyInvalidated(alias: String): Boolean

keyAgreement

open suspend fun keyAgreement(alias: String, otherKey: <Error class: unknown class>, keyUnlockData: <Error class: unknown class>?): ByteArray

sign

open suspend fun sign(alias: String, dataToSign: ByteArray, keyUnlockData: <Error class: unknown class>?): <Error class: unknown class>