Support application password #22

Open
ma-pe opened this issue Mar 7, 2018 · 5 comments


ma-pe commented Mar 7, 2018

Hey, it's me again :-)

Still happily using the master-branch.
Lately, I wanted to try the application password method for devices that haven't set fingerprint or passcode.

I added the flag .applicationPassword resulting in: flags: EllipticCurveKeyPair.Device.hasSecureEnclave ? [.applicationPassword, .privateKeyUsage] : [.applicationPassword].

My understanding is that I'd have to provide the actual password to the LAContext before key creation. Something like this:
context.setCredential("passwordFromServer".data(using:String.Encoding.utf8)!, type: LACredentialType.applicationPassword)

Though, I don't pass the LAContext to key creation. Regarding your API I can only provide it when decrypting or signing.

Contributor

hfossli commented Mar 7, 2018

Interesting. I didn’t know you could pass a password. I thought it had to be done by the user first time upon key creation. If the api is limiting you I am open to change that. Let me know how it goes and please send me diffs :)

Author

ma-pe commented Mar 7, 2018

You can prompt the user to enter a password and use this as the application password. Though, this is not automatically triggered by the key generation.

This is a good example for setting and getting secrets with .applicationPassword:
https://macbirdie.net/2016/03/app-pwd

We don't need this at the moment. I just wanted to check how it works. Once we move forward in our development, I will check back and try to help when we decide to use it.

ma-pe changed the title from "Question: How to use application password" to "Support application password" on Mar 7, 2018
Contributor

hfossli commented Mar 7, 2018

Thanks for sharing that useful article. I think, as you do, that changes are required in order to properly support this. I will have to think about this.

What needs to be considered

  • should work well on devices that don’t support the privateKeyUsage flag
  • should work well on devices that support the privateKeyUsage flag
  • api should be simple and clear


netgfx commented Feb 18, 2021

Has this issue seen any progress? It seems like a really useful and popular feature, as Apps like Revolut use that kind of flow as well. Biometric or App password.

If it helps, there is an implementation here as well: https://github.com/algrid/keychain-sample/blob/master/keychain-sample/KeychainHelper.swift

Contributor

hfossli commented Feb 18, 2021

Yep. It is possible to do this using a custom LAContext and application password flag.

I have been working on a renewed api. You can check it out here. Also has support for React Native.
ES256.zip
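
The gap raised in the first comment (handing the password-bearing LAContext to key creation), as an added example that is not part of the original comments and is not code from this project. It assumes a device with a Secure Enclave; `KeyError`, `passwordContext` and `createKey` are hypothetical names, and supplying the context through `kSecUseAuthenticationContext` in the key-generation attributes is an assumption of this sketch.

```swift
import Foundation
import LocalAuthentication
import Security

enum KeyError: Error { case credentialRejected }

// Hypothetical helper: an LAContext that already carries the application password,
// so the password comes from the app rather than from a system prompt.
func passwordContext(_ password: Data) throws -> LAContext {
    let context = LAContext()
    guard context.setCredential(password, type: .applicationPassword) else {
        throw KeyError.credentialRejected
    }
    return context
}

// Creates a permanent Secure Enclave key gated by the application password.
// WhenUnlockedThisDeviceOnly does not require a device passcode or biometry to be set.
func createKey(tag: Data, password: Data) throws -> SecKey {
    let context = try passwordContext(password)
    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        [.privateKeyUsage, .applicationPassword], &error) else {
        throw error!.takeRetainedValue() as Error
    }
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        // Assumption: the context is handed over at creation time through this key.
        kSecUseAuthenticationContext as String: context,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag,
            kSecAttrAccessControl as String: access,
        ] as [String: Any],
    ]
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}
```

The `password` parameter is meant to come from user input or a server-issued secret at run time, as in the thread, not from a constant compiled into the app.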
