SecItemUpdate returns errSecParam (-50)

Time: 2019-07-15 14:34:50

Tags: ios swift seckeyref

When trying to update the access attributes, I get errSecParam from SecItemUpdate.

This is my existing key creation code:

    func createKey(tag: String) {
        var error: Unmanaged<CFError>?
        var flags: SecAccessControlCreateFlags = []

        flags.insert(.privateKeyUsage)

        if let access = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault,
            kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
            flags,
            &error) {

            let attributes: [CFString: Any] = [
                kSecAttrKeyClass: kSecAttrKeyClassPrivate,
                kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
                kSecAttrKeySizeInBits: 256,
                kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
                kSecPrivateKeyAttrs: [
                    kSecAttrIsPermanent: true,
                    kSecAttrApplicationTag: tag,
                    kSecAttrAccessControl: access
                ]
            ]

            if let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error) {
                self.key = privateKey
            } else {
                debugPrint("error")
            }
        } else {
            debugPrint("error")
        }
    }

I am trying to create an app update that adds a new access attribute, `.biometryAny`, but SecItemUpdate returns -50.

This is how I am trying to update it:

    func updateKey(tag: String) {
        var error: Unmanaged<CFError>?
        var flags: SecAccessControlCreateFlags = []

        flags.insert(.privateKeyUsage)
        flags.insert(.biometryAny)  // New access attributes

        if let access = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault,
            kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
            flags,
            &error) {

            let attributes: [CFString: Any] = [
                kSecAttrKeyClass: kSecAttrKeyClassPrivate,
                kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
                kSecAttrKeySizeInBits: 256,
                kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
                kSecPrivateKeyAttrs: [
                    kSecAttrIsPermanent: true,
                    kSecAttrApplicationTag: tag,
                    kSecAttrAccessControl: access
                ]
            ]

            let status = SecItemUpdate(query(tag: tag), attributes as CFDictionary)
            debugPrint(status)
        } else {
            debugPrint("error")
        }
    }

    private func query(tag: String) -> CFDictionary {
        return [
            kSecClass: kSecClassKey,
            kSecAttrApplicationTag: tag,
            kSecAttrKeyType: kSecAttrKeyTypeECSECPrimeRandom,
            kSecReturnRef: true,
            kSecMatchLimit as String: kSecMatchLimitOne,
            ] as CFDictionary
    }

Any ideas about what is wrong with the update code?

0 answers:

No answers