In android there is a way of knowing if the public key from a key pair was generated inside TEE and is, therefore, hardware-backed (https://source.android.com/security/keystore/attestation). I cannot find a way to do that in iOS. Does anyone know if there is a way?
Answer 1:
I am not aware of a directly similar possibility, but if your app lives on a not-jailbroken device you can create keys and store them inside of the Secure Enclave of your iOS device and be sure that they are stored securely and cannot be compromised. Note that you can only store 256-bit elliptic curve private keys. You can then get the public key from the secret key, e.g. by SecKeyCopyPublicKey.
TrailOfBits created an example project where you can look up more interaction with the Secure Enclave API.
The Secure Enclave itself is protected by a secure boot chain to ensure its separate software is verified and signed by Apple. See: https://www.apple.com/business/docs/iOS_Security_Guide.pdf
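The key-creation path the answer describes, written out as an added Swift example (not code from the answer or from the TrailOfBits project): generate a P-256 key pinned to the Secure Enclave, export its public key, and check locally that the private key really carries the Secure Enclave token ID. It assumes a physical device (the Secure Enclave is unavailable in the simulator); the application tag is a placeholder.

```swift
import Foundation
import Security

/// Creates a P-256 key pair whose private key is generated inside the Secure
/// Enclave and returns the public key as ANSI X9.63 bytes (0x04 || X || Y).
func makeSecureEnclaveKey(tag: String) throws -> (privateKey: SecKey, publicKeyData: Data) {
    var error: Unmanaged<CFError>?

    // Access control: key usable only while the device is unlocked, never
    // migrated to another device, and restricted to private-key operations.
    guard let access = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault,
            kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
            [.privateKeyUsage],
            &error) else {
        throw error!.takeRetainedValue() as Error
    }

    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,                    // only size the SEP accepts
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,  // forces generation in the SEP
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag.data(using: .utf8)!,  // placeholder tag
            kSecAttrAccessControl as String: access
        ]
    ]

    guard let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    // The public half is derived from the SEP-resident private key; the
    // private scalar itself is never exportable.
    guard let publicKey = SecKeyCopyPublicKey(privateKey),
          let publicKeyData = SecKeyCopyExternalRepresentation(publicKey, &error) as Data? else {
        throw error!.takeRetainedValue() as Error
    }
    return (privateKey, publicKeyData)
}

/// Local check that a key is backed by the Secure Enclave. This is only a
/// statement the app can make to itself on a trusted device; a remote server
/// cannot derive it from the public key alone, which is the gap the question asks about.
func isSecureEnclaveBacked(_ key: SecKey) -> Bool {
    guard let attrs = SecKeyCopyAttributes(key) as? [String: Any],
          let tokenID = attrs[kSecAttrTokenID as String] as? String else { return false }
    return tokenID == (kSecAttrTokenIDSecureEnclave as String)
}
```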