Global Variable

kSecAttrTokenIDSecureEnclave

Specifies an item should be stored in the device's Secure Enclave.

Declaration

const CFStringRef kSecAttrTokenIDSecureEnclave;

Discussion

The only keychain items supported by the Secure Enclave are 256-bit elliptic curve private keys (those that have key type kSecAttrKeyTypeEC). Such keys must be generated directly on the Secure Enclave using the SecKeyGeneratePair function with the kSecAttrTokenID key set to kSecAttrTokenIDSecureEnclave in the parameters dictionary.