Attesting Secure Enclave-Generated Keys in a WebAuthn Flow

Hello everyone,

I'm working on a project where I intend to use Secure Enclave-based, device-bound private keys within a WebAuthn flow. I have the following question:

Is it possible to generate private keys in the Secure Enclave with integrated attestation in order to reliably prove to a relying party the authenticity and uncompromised state of the key?

If so, I would appreciate details on the implementation—specifically, any prerequisites, limitations, or particular API calls and configuration options that need to be considered.

I look forward to any advice, best practices, or pointers to further documentation on this topic.

Thank you in advance for your support!

Best regards, Alex

Hi Alex, did you ever find an answer to this? Looking to do the same thing.
