Comment by big-and-small
5 months ago
> The best you can do is use the SE to decrypt the key and then use the clear text key for encryption/decryption.
AFAIK this is what "secretive" was doing all the time.
5 months ago
> The best you can do is use the SE to decrypt the key and then use the clear text key for encryption/decryption.
AFAIK this is what "secretive" was doing all the time.
I'm pretty sure it creates SE resident keys, which can't be unwrapped by either userspace or the macOS kernel.
Then I'm wrong.
I certainly remember that they had support for the resident keys, with all the limitations.