Comment by cyberax
5 months ago
No. There is no way to import an existing key into the Secure Enclave. Only Apple is allowed to do that.
The best you can do is use the SE to decrypt the key and then use the clear text key for encryption/decryption.
This also means that passkeys on macOS/iOS are (at some point) exposed as clear text.
> The best you can do is use the SE to decrypt the key and then use the clear text key for encryption/decryption.
AFAIK this is what "secretive" was doing all the time.
I'm pretty sure it creates SE resident keys, which can't be unwrapped by either userspace or the macOS kernel.
Then I'm wrong.
I certainly remember that they had support for the resident keys, with all the limitations.