Developer account required for key generation

I've been reading information/signing data using keys in the file keychain without too many problems but the other day I tried to generate a private key in the file and the secure enclave keychains and I faced the -30418 error. I made sure that the entitlements were correct based on previous posts but still no luck.

Code kind of based off this: https://developer.apple.com/documentation/security/certificate_key_and_trust_services/keys/protecting_keys_with_the_secure_enclave

Do you actually need to pay for the $99/per year developer account to generate private keys inside the keychains?

Replies

Do you actually need [a paid] developer account to generate private keys inside the keychains?

No.

The ability to protect a keychain item with the Secure Enclave is a feature of the data protection keychain [1]. To use the data protection keychain your app must be signed with an App ID. Without that, you get this errSecMissingEntitlement error (btw, that’s -34018, not -30418).

If you create and run a standard macOS app, it’s not signed with an App ID. The easiest way to force Xcode to do that is to add a restricted entitlement to your project [2]. A Personal Team doesn’t have a lot of access to restricted entitlements, but there are a few. For example, if you use Signing & Capabilities to add the Maps capability to your app target, Xcode will assign an App ID to your app.

Once you get things working, you can then remove the Maps capability and Xcode should continue to apply your App ID.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

[1] If you’re unfamiliar with that term, see TN3137 On Mac keychain APIs and implementations.

[2] If you’re unfamiliar with that term, see TN3125 Inside Code Signing: Provisioning Profiles.
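As an added illustration (not code from the thread or from Apple's sample project), this is the Secure Enclave key generation the question describes, with the signing failure the reply explains recognised by its real status code. The application tag is a made-up value, and passing kSecUseDataProtectionKeychain explicitly is an assumption of this example rather than something the reply requires.

```swift
import Foundation
import Security

// Hypothetical application tag for this example (not from the thread).
let exampleTag = "com.example.sekey".data(using: .utf8)!

// Generates a P-256 private key inside the Secure Enclave. The key is stored
// in the data protection keychain, so on macOS the app must be signed with an
// App ID; otherwise the call fails with errSecMissingEntitlement (-34018).
func makeSecureEnclaveKey(tag: Data) throws -> SecKey {
    var cfError: Unmanaged<CFError>?

    // The private key can be used for signing but never exported, and only
    // on this device while it is unlocked.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .privateKeyUsage,
        &cfError
    ) else {
        throw cfError!.takeRetainedValue() as Error
    }

    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        // Assumption of this example: state the data protection keychain
        // explicitly instead of relying on the Secure Enclave token implying it.
        kSecUseDataProtectionKeychain as String: true,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag,
            kSecAttrAccessControl as String: access,
        ],
    ]

    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &cfError) else {
        let error = cfError!.takeRetainedValue() as Error
        // The CFError carries the OSStatus as its code. -34018 is a signing
        // problem (no App ID, so no keychain-access-groups entitlement), not a
        // defect in the key attributes above.
        if (error as NSError).code == Int(errSecMissingEntitlement) {
            print("App is not signed with an App ID; add a restricted entitlement in Signing & Capabilities")
        }
        throw error
    }
    return key
}
```

Running this from a plain macOS target with no App ID reproduces the -34018 failure; after adding a restricted entitlement as described above, the same call returns a key.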