Secure Enclave

Is it possible to create an app that creates an unknowable private key in the secure enclave upon its first usage and passes this unknowable key from secure enclave to secure enclave as more folks download and use the app?

No.

The whole point of the secure enclave is that you cannot extract the private key. It's not an "unknowable key" if you can extract it, is it?!
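An added Swift example, not code from the thread, illustrating this point: a P-256 key generated in the Secure Enclave can have its public half exported, but SecKeyCopyExternalRepresentation on the private half fails. It assumes an app running on hardware that has a Secure Enclave (not the simulator) and a constructed, ephemeral key.

```swift
import Foundation
import Security

// Added example: create a P-256 key whose private half is generated inside the
// Secure Enclave. Requires a device with a Secure Enclave (not the simulator).
func makeSecureEnclaveKey() throws -> SecKey {
    var error: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
            kCFAllocatorDefault,
            kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
            .privateKeyUsage,
            &error) else {
        throw error!.takeRetainedValue() as Error
    }
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave, // key lives in the enclave
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: false,   // ephemeral, for this demo only
            kSecAttrAccessControl as String: access,
        ],
    ]
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}

// Probe what can leave the enclave: returns the exported public key bytes
// (X9.63 form) and whether exporting the private key succeeded.
func probeExportability(_ privateKey: SecKey) -> (publicKeyBytes: Data?, privateKeyExported: Bool) {
    var error: Unmanaged<CFError>?
    var publicBytes: Data?
    if let publicKey = SecKeyCopyPublicKey(privateKey),
       let cfData = SecKeyCopyExternalRepresentation(publicKey, &error) {
        publicBytes = cfData as Data   // public half: freely exportable
    }
    error = nil
    // Private half: for a Secure Enclave key this returns nil and populates `error`.
    // The key remains usable for signing via SecKeyCreateSignature; it just cannot be read out.
    let privateBytes = SecKeyCopyExternalRepresentation(privateKey, &error)
    return (publicBytes, privateBytes != nil)
}

do {
    let key = try makeSecureEnclaveKey()
    let probe = probeExportability(key)
    print("public key exported:", probe.publicKeyBytes != nil)
    print("private key exported:", probe.privateKeyExported)
} catch {
    print("key generation failed (no Secure Enclave on this device?):", error)
}
```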

Thanks!

Perhaps I did not word the question well. Is it possible for 2 secure enclaves, each on its own iPhone, where the first sends a private key to the second in such a fashion that it is unknowable, but now stored in two devices?

where the first sends a private key to the second

No.

unknowable, but now stored in two devices?

Unknowable but known to a second device... no, that's a contradiction.

It sounds like you might be trying to design your own cryptography system. Don't do that!

OK - Thanks

endecotp wrote:

It sounds like you might be trying to design your own cryptography system. Don't do that!

That’s good advice.

It is possible to build cryptographic systems like the one you’re suggesting. Indeed, based on the limited info in this thread it sounds like you’re trying to build something like iCloud Keychain. Doing that securely is really hard [1]. If you want to do that, I recommend that you seek help from a cryptography expert.

It’s possible that you might be able to achieve your goal by piggybacking on top of existing Apple services. If you can explain more about the background to your question, we may be able to suggest a path forward.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] For some insight into how this works under the covers, see the info in Apple Platform Security.

Thanks - Much appreciated!
