App Attestation returns DCErrorInvalidKey 3

A lot of our customers experienced failed App attest and always return error "DCErrorInvalidKey 3" invalidKey error on these iOS versions: 16.7.2 - iPhone 8 17.1.1, 17.1.2 - iPhone X, iPhone XS, iPhone XR, iPhone SE 2. iPhone 12, iPhone 12 Pro, iPhone 12 Pro Ma

Here is one scenario: user installs app on phone, app generates key, app stores key id in the filesystem. User gets a new phone and sets it up from a backup of the old phone; key id in filesystem is copied over. App runs on new phone, doesn’t know it’s on a different device, tries to use key id; corresponding key is not present; App Attest returns invalid key error.

I believe there must be other scenarios in which this can happen though. I see quite large numbers of users who seem to have failed app attest. I don’t think they are all hacked devices.

@endecotp you shouldn't place key_id in files that can be backed-up, cause corresponding app attest private key doesn't migrate to new device. In such case on backup restore/new install you won't have persistent key_id and can generate new keypair ready for attestation.

@endecotp you shouldn't place key_id in files that can be backed-up, cause corresponding app attest private key doesn't migrate to new device.

Right, so where should I put it?

App Attestation returns DCErrorInvalidKey 3
 
 
Q