In android there is a way of knowing if the public key from a key pair was generated inside TEE and is, therefore, hardware-backed (https://source.android.com/security/keystore/attestation). I cannot find a way to do that in iOS. Does anyone know if there is a way?
I am not aware of a directly similar possibility, but if your app lives on a non-jailbroken device you can create keys and store them inside of the Secure Enclave of your iOS device and be sure that they are stored securely and cannot be compromised. Note that you can only store 256-bit elliptic curve private keys. You can then get the public key from the secret key, e.g. by SecKeyCopyPublicKey.
TrailOfBits created an example project where you can look up more interactions with the Secure Enclave API.
The Secure Enclave itself is protected by a secure boot chain to ensure its separate software is verified and signed by Apple. See: https://www.apple.com/business/docs/iOS_Security_Guide.pdf
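The key-generation flow the answer describes, as an added Swift example that is not part of the original answer or of the TrailOfBits project it mentions. It creates a P-256 private key inside the Secure Enclave with SecKeyCreateRandomKey, derives the public key with SecKeyCopyPublicKey, exports it, and then signs and verifies a message so the round trip can be checked. The tag string, the error enum, and the access-control flag choice (.userPresence) are assumptions of this example; only the Security framework calls are real APIs.

```swift
import Foundation
import Security

// Example-defined error type (assumption, not a framework type).
enum SecureEnclaveKeyError: Error {
    case accessControl(CFError?)
    case keyGeneration(CFError?)
    case publicKeyExport(CFError?)
    case signing(CFError?)
}

/// Generates a 256-bit EC private key whose material never leaves the Secure Enclave.
/// `tag` is an application-chosen label (assumed here) used to look the key up later.
func makeSecureEnclaveKey(tag: String) throws -> SecKey {
    var error: Unmanaged<CFError>?
    // .privateKeyUsage is mandatory for Secure Enclave keys; .userPresence additionally
    // gates every signing operation behind passcode or biometrics (example choice).
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        [.privateKeyUsage, .userPresence],
        &error
    ) else {
        throw SecureEnclaveKeyError.accessControl(error?.takeRetainedValue())
    }

    // Only ECSECPrimeRandom / 256 bits is accepted for the Secure Enclave token.
    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: Data(tag.utf8),
            kSecAttrAccessControl as String: access,
        ],
    ]
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw SecureEnclaveKeyError.keyGeneration(error?.takeRetainedValue())
    }
    return key
}

/// Derives the public half and returns its X9.63 encoding (0x04 || X || Y, 65 bytes).
func exportPublicKey(of privateKey: SecKey) throws -> Data {
    guard let publicKey = SecKeyCopyPublicKey(privateKey) else {
        throw SecureEnclaveKeyError.publicKeyExport(nil)
    }
    var error: Unmanaged<CFError>?
    guard let data = SecKeyCopyExternalRepresentation(publicKey, &error) as Data? else {
        throw SecureEnclaveKeyError.publicKeyExport(error?.takeRetainedValue())
    }
    return data
}

/// Signs `message` with ECDSA-SHA256 inside the enclave and verifies it with the public key.
func signAndVerify(privateKey: SecKey, message: Data) throws -> Bool {
    var error: Unmanaged<CFError>?
    let algorithm: SecKeyAlgorithm = .ecdsaSignatureMessageX962SHA256
    guard let signature = SecKeyCreateSignature(privateKey, algorithm, message as CFData, &error) as Data? else {
        throw SecureEnclaveKeyError.signing(error?.takeRetainedValue())
    }
    guard let publicKey = SecKeyCopyPublicKey(privateKey) else {
        throw SecureEnclaveKeyError.publicKeyExport(nil)
    }
    return SecKeyVerifySignature(publicKey, algorithm, message as CFData, signature as CFData, &error)
}

// Usage (runs only on a real device with a Secure Enclave, not in the simulator).
do {
    let key = try makeSecureEnclaveKey(tag: "com.example.attestation-demo") // constructed tag
    let pub = try exportPublicKey(of: key)
    print("public key bytes:", pub.count)           // 65 for an uncompressed P-256 point
    let ok = try signAndVerify(privateKey: key, message: Data("hello".utf8))
    print("signature verifies:", ok)
} catch {
    print("Secure Enclave operation failed:", error)
}
```

The exported bytes are a plain P-256 public key: nothing in them tells a remote party that the private half was generated inside the Secure Enclave, which is why this does not answer the question the way Android key attestation does. The assurance, as the answer says, rests on the device not being jailbroken and on the Secure Enclave's own boot chain, not on anything the server can verify from the key itself.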
Source: https://stackoverflow.com/questions/46914154/ios-hardware-backed-key-attestation