我正在使用 ACL 绑定创建密钥对,我使用kSecAccessControlUserPresence密钥假设它将首先启动 TouchID/FaceID,如果未注册,则提示密码及其在 iPhone6Plus 上的工作正常,但在我的 iPhoneX 提示密码上,即使我已经注册了我的脸面容ID。所以我有以下问题。
kSecAccessControlUserPresence说它会首先通过 Bio-metric(TouchId/FaceId) 提示,如果没有注册任何然后通过 Passcode 提示,这种理解对吗?- 如果我的上述理解不正确,那么我该如何先选择 Bio-metric 然后再推送 Passcode ?
以下是我的代码。
private func generateHardwareKeyPairEC(keypairAttributes : KeyPairAttributes, completionHandler: @escaping (OSStatus?) -> Void ) {
// Access Control List
let accessControl: SecAccessControl = SecAccessControlCreateWithFlags(kCFAllocatorDefault, kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly, [SecAccessControlCreateFlags.privateKeyUsage, SecAccessControlCreateFlags.userPresence], nil)!
// Public Key parameters
let publicKeyParams: [String: Any] = [
kSecAttrLabel as String: keypairAttributes.keyLabel!,
kSecAttrApplicationTag as String : keypairAttributes.keyApplicationTag!
]
// Private Key parameters
let privateKeyParams: [String: Any] = [
kSecAttrLabel as String: keypairAttributes.keyLabel!,
kSecAttrApplicationTag as String : keypairAttributes.keyApplicationTag!,
kSecAttrIsPermanent as String: true,
kSecAttrAccessControl as String: accessControl,
]
//Key Pair parameters
let params: [String: Any] = [
kSecAttrKeyType as String: kSecAttrKeyTypeEC,//key type will be used here
kSecAttrKeySizeInBits as String: keypairAttributes.keySize!,
kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
kSecPublicKeyAttrs as String : publicKeyParams,
kSecPrivateKeyAttrs as String: privateKeyParams
]
//var publicKey, privateKey: SecKey?
DispatchQueue.global(qos: .default).async { // 1
let status = SecKeyGeneratePair(params as CFDictionary, &self.publicKey, &self.privateKey)
if status == noErr {
print("Private key: \(String(describing: self.privateKey))\nPublic key: \(String(describing: self.publicKey))")
print("Private key: \(String(describing: self.privateKey))\nPublic key: \(String(describing: self.publicKey))")
completionHandler(status)
} else {
print("Failed to generate key pairs")
completionHandler(status)
}
}
}