enclavekey

package
v0.6.0
Warning

This package is not in the latest version of its module.

Published: Jun 10, 2024 License: MIT Imports: 10 Imported by: 0

Documentation

Overview

Package enclavekey contains methods to work with keys backed by the Secure Enclave.

Constants

This section is empty.

Variables

This section is empty.

Functions

func Delete

func Delete(input DeleteInput) (int, error)

Delete keys in the keychain matching the criteria in DeleteInput.

Multiple keys will be deleted if they all match the criteria.

Returns a count of deleted keys. Returns ErrNotFound if no keys were found matching the criteria.

Types

type CreateInput

type CreateInput struct {
	// UserPresence constrains access to the key with
	// either biometry or passcode.
	//
	// See: https://developer.apple.com/documentation/security/secaccesscontrolcreateflags/ksecaccesscontroluserpresence
	UserPresence bool

	// Tag data is constructed from a string, using reverse DNS notation, though any unique tag will do.
	//
	// For example: 'com.example.keys.mykey'.
	//
	// See: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/generating_new_cryptographic_keys#2863927
	Tag string

	Label string
}

type DeleteInput

type DeleteInput struct {
	Tag   string
	Label string
}

type GetInput

type GetInput struct {
	Tag   string
	Label string
}

type Key

type Key struct {
	// ApplicationLabel is used to look up a key programmatically
	// and is the hash of a key
	ApplicationLabel []byte
	PublicKey        *ecdsa.PublicKey
	Tag              string
	Label            string
	// LAContext is the authentication context
	// to use when signing with this key.
	LAContext *LAContext
}

Key is a NIST P-256 elliptic curve key backed by the Secure Enclave.

func Create

func Create(input CreateInput) (*Key, error)

Create creates a new ECDSA P-256 key backed by the Secure Enclave.

func Get

func Get(input GetInput) (*Key, error)

func List

func List(input ListInput) ([]Key, error)

List keys matching the criteria specified in ListInput.

Returns nil if no keys are found.

func (*Key) Public

func (k *Key) Public() crypto.PublicKey

Public returns the public key of this key.

func (*Key) Sign

func (k *Key) Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts) ([]byte, error)
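Public and Sign above have the method signatures of Go's crypto.Signer interface, and Sign takes a precomputed digest rather than the message. The following is an added example, not code from the enclavekey project: it signs a SHA-256 digest through crypto.Signer and verifies the result against the P-256 public key. Assumptions: a software P-256 key stands in for *enclavekey.Key so the code runs without a Secure Enclave, the signature is ASN.1 DER encoded, and the helper names signMessage, verifyMessage and newStandInSigner are hypothetical.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// signMessage hashes msg with SHA-256 and hands only the 32-byte digest to
// the signer, matching Sign(_ io.Reader, digest []byte, _ crypto.SignerOpts).
func signMessage(s crypto.Signer, msg []byte) ([]byte, error) {
	digest := sha256.Sum256(msg)
	return s.Sign(rand.Reader, digest[:], crypto.SHA256)
}

// verifyMessage checks sig against pub and rejects any key that is not
// ECDSA on P-256. Assumption: sig is ASN.1 DER, as crypto/ecdsa produces.
func verifyMessage(pub crypto.PublicKey, msg, sig []byte) (bool, error) {
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok || ecPub.Curve != elliptic.P256() {
		return false, fmt.Errorf("expected an ECDSA P-256 public key, got %T", pub)
	}
	digest := sha256.Sum256(msg)
	return ecdsa.VerifyASN1(ecPub, digest[:], sig), nil
}

// newStandInSigner returns a software P-256 key in place of *enclavekey.Key.
func newStandInSigner() (crypto.Signer, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

func main() {
	signer, err := newStandInSigner()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message")
	sig, err := signMessage(signer, msg)
	if err != nil {
		panic(err)
	}
	ok, _ := verifyMessage(signer.Public(), msg, sig)
	tampered, _ := verifyMessage(signer.Public(), []byte("tampered"), sig)
	fmt.Println("valid:", ok, "tampered accepted:", tampered)
}
```

With a key returned by Create or Get, the same helpers would take that *Key in place of the stand-in signer, provided the signature encoding assumption holds.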

type LAContext added in v0.6.0

type LAContext struct {
	// LocalizedReason is the localized explanation for
	// authentication shown in the dialog presented to the user.
	LocalizedReason string
}

LAContext is a mechanism for evaluating authentication policies and access controls.

See: https://developer.apple.com/documentation/localauthentication/lacontext

type ListInput

type ListInput struct {
	Tag   string
	Label string
}
