Secure Enclave keys exist even after app uninstallation

I have generated keys inside the Secure Enclave using the following code snippet:

    import Security

    // Note: privateLabel and attrKeyTypeEllipticCurve are defined elsewhere
    // in the poster's helper class and are not shown in the question.
    func generateKeyPair(accessControl: SecAccessControl) throws -> (`public`: SecureEnclaveKeyReference, `private`: SecureEnclaveKeyReference) {

        // Attributes of the private key: stored permanently in the keychain
        // under privateLabel, protected by the given access control.
        let privateKeyParams: [String: Any] = [
            kSecAttrLabel as String: privateLabel,
            kSecAttrIsPermanent as String: true,
            kSecAttrAccessControl as String: accessControl,
        ]
        // 256-bit elliptic-curve key pair generated inside the Secure Enclave.
        let params: [String: Any] = [
            kSecAttrKeyType as String: attrKeyTypeEllipticCurve,
            kSecAttrKeySizeInBits as String: 256,
            kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
            kSecPrivateKeyAttrs as String: privateKeyParams
        ]
        var publicKey, privateKey: SecKey?

        let status = SecKeyGeneratePair(params as CFDictionary, &publicKey, &privateKey)

        guard status == errSecSuccess else {
            throw SecureEnclaveHelperError(message: "Could not generate keypair", osStatus: status)
        }

        return (public: SecureEnclaveKeyReference(publicKey!), private: SecureEnclaveKeyReference(privateKey!))
    }

Post un-installation of the application the keys still exist. Is there a way to remove the keys from the Secure Enclave?

Thank you in advance :)

There is no trigger to perform code when the app is deleted from the device. Access to the keychain is dependent on the provisioning profile that is used to sign the application. Therefore no other applications would be able to access this information in the keychain.

https://stackoverflow.com/a/5711090/7350472

If you want to delete a key from the Secure Enclave, you can call:

SecItemDelete(query as CFDictionary)

https://developer.apple.com/documentation/security/1395547-secitemdelete
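
An added example, not part of the original answer or of the asker's project: the query that `SecItemDelete` needs to find the key created in the question, plus a first-launch cleanup, since no code runs at uninstall but the app's `UserDefaults` are removed with the app while keychain items are not. It assumes the key is matched by the `kSecAttrLabel` it was created with; the label value, the `hasLaunchedBefore` defaults key and both function names are hypothetical.

```swift
import Foundation
import Security

// Assumption: the same label that was passed as kSecAttrLabel when the key
// pair was generated. The value here is a placeholder.
let privateLabel = "com.example.enclave.private"

/// Deletes the permanent private key stored under `label`.
/// Returns true when the key was removed or was already absent.
func deleteEnclaveKey(label: String) -> Bool {
    let query: [String: Any] = [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyClass as String: kSecAttrKeyClassPrivate,
        kSecAttrLabel as String: label
    ]
    let status = SecItemDelete(query as CFDictionary)
    // errSecItemNotFound is not a failure for cleanup purposes.
    return status == errSecSuccess || status == errSecItemNotFound
}

/// Call early at app launch. After a reinstall the defaults flag is missing
/// (the app container was wiped), but a key from the previous install may
/// still be in the keychain, so it is deleted before a new one is generated.
func purgeStaleKeyOnFirstLaunch(defaults: UserDefaults = .standard) {
    let flag = "hasLaunchedBefore" // hypothetical defaults key
    guard !defaults.bool(forKey: flag) else { return }
    // Only mark the install as initialised once cleanup has succeeded,
    // so a failed delete is retried on the next launch.
    if deleteEnclaveKey(label: privateLabel) {
        defaults.set(true, forKey: flag)
    }
}
```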
