Enable a private key to be used in signing a block of data or verifying a signed block.
- iOS 9.0+
- macOS 10.12.1+
- Mac Catalyst 13.0+
- tvOS 9.0+
- watchOS 2.0+
This option can be combined with any other access control flags.
You typically use this constraint when you create a key pair and store the private key inside a device’s Secure Enclave (by specifying the
k attribute with a value of
k). This makes the private key available for use in signing and verification tasks that happen inside the Secure Enclave with calls to the
Sec functions. An attempt to use this constraint while generating a key pair outside the Secure Enclave fails. Similarly, an attempt to sign a block with a private key generated without this constraint inside the Secure Enclave fails.