I attempted to write some code that would generate a private/public keypair using the Secure Enclave in the context of a trivial Authorization Plugin that does nothing else (based on this Apple sample code).
When I run the code, I get this error:
Error Domain=NSOSStatusErrorDomain Code=-26276 "failed to generate asymmetric keypair" UserInfo={numberOfErrorsDeep=0, NSDescription=failed to generate asymmetric keypair}
Error -26276 is an errSecInternal and is described as "An internal error occurred in the Security framework."
The same error appears in this thread and the issue seems to be one of entitlements. The proposed solution in that case (which involves daemon code) is to rewrite the daemon as a Mac App and package up the entitlements, but that solution doesn't seem to be available for an Authorization Plugin.
Which leads me to my question: does anyone know if it's even possible to get key pairs out of the Secure Enclave in the context of an Authorization Plugin?
Thanks!