Multiple calls to appAttestService generateKeyWithCompletionHandler

Hello,

I am currently looking into iOS App Attest and have two questions:

When generateKeyWithCompletionHandler is called the closure will return the keyId as a reference to the key pair in Secure Enclave. This keyId must be kept for later use in the attestation process.

Every time I call generateKeyWithCompletionHandler I will receive a new keyId. This is functionally not what you want, but it can be done and generateKeyWithCompletionHandler does not fail if it has been called previously.

Will the latest returned keyId override any other keyIds created previously in the app, or will all keyIds returned be valid as reference for attestation?

If all keyIds are valid, will they refer to unique key pairs or point to the same key pair in the Secure Enclave?

Kind regards, Steffen

Answered by Frameworks Engineer in 687201022

Hi, the latest returned keyId will not override other keyIds, as each key and its associated key pair is unique. That being said, the key should not be considered valid until you have called attestKey and verified the attestation on your server side.
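The lifecycle the answer describes, as an added example that is not part of the original thread or Apple's sample code: generate a key once, persist its keyId, and mark it usable only after the server has accepted the attestation. `AttestedKeyStore`, the storage keys and the two server closures are hypothetical names; storing the keyId in `UserDefaults` is an assumption of this sketch.

```swift
import CryptoKit
import DeviceCheck
import Foundation

enum AttestError: Error { case unsupported }

// Hypothetical helper: one App Attest key per install, valid only once attested.
final class AttestedKeyStore {
    private let service = DCAppAttestService.shared
    private let defaults = UserDefaults.standard
    private let keyIdKey = "appAttest.keyId"          // constructed storage key
    private let attestedFlag = "appAttest.isAttested" // constructed storage key

    /// Returns a keyId the server has accepted. `fetchChallenge` and
    /// `submitAttestation` stand in for your own server calls (assumptions).
    func attestedKeyId(
        fetchChallenge: () async throws -> Data,
        submitAttestation: (_ keyId: String, _ attestation: Data) async throws -> Void
    ) async throws -> String {
        guard service.isSupported else { throw AttestError.unsupported }

        // Reuse the stored key. Calling generateKey again would not fail;
        // it would create a second, unrelated key pair with its own keyId.
        let stored = defaults.string(forKey: keyIdKey)
        if let keyId = stored, defaults.bool(forKey: attestedFlag) { return keyId }

        let keyId: String
        if let pending = stored {
            keyId = pending
        } else {
            keyId = try await service.generateKey()
            defaults.set(keyId, forKey: keyIdKey)
            defaults.set(false, forKey: attestedFlag) // generated, not yet valid
        }
        do {
            // Bind the attestation to a one-time challenge issued by the server.
            let hash = Data(SHA256.hash(data: try await fetchChallenge()))
            let attestation = try await service.attestKey(keyId, clientDataHash: hash)
            try await submitAttestation(keyId, attestation) // server verifies here
        } catch let error as DCError where error.code == .serverUnavailable {
            throw error // keep the keyId and retry later with the same key
        } catch {
            defaults.removeObject(forKey: keyIdKey) // discard; generate a new key next time
            throw error
        }
        defaults.set(true, forKey: attestedFlag)
        return keyId
    }
}
```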
