Skip to content

Commit

Permalink
Don't extract private key for signing (#11)
Browse files Browse the repository at this point in the history 
This also ensures that we can use secure enclave-stored keys.
  • Loading branch information
@sbihel
sbihel authored Mar 11, 2024
1 parent 848c7e1 commit dd03a2e
Showing 1 changed file with 7 additions and 5 deletions.
12 changes: 7 additions & 5 deletions Sources/WalletSdk/MDoc.swift
View file
Original file line number Diff line number Diff line change
Expand Up @@ -91,15 +91,17 @@ public class BLESessionManager {
return
}
var error: Unmanaged<CFError>?
guard let data = SecKeyCopyExternalRepresentation(secKey, &error) as Data? else {
self.callback.update(state: .error("Failed to cast key: \(error.debugDescription)"))
guard let derSignature = SecKeyCreateSignature(secKey,
.ecdsaSignatureMessageX962SHA256,
payload as CFData,
&error) as Data? else {
self.callback.update(state: .error("Failed to sign message: \(error.debugDescription)"))
self.cancel()
return
}
let privateKey = try P256.Signing.PrivateKey(x963Representation: data)
let signature = try privateKey.signature(for: payload)
let signature = try P256.Signing.ECDSASignature(derRepresentation: derSignature)
let response = try SpruceIDWalletSdkRs.submitSignature(sessionManager: sessionManager!,
signature: signature.rawRepresentation)
signature: signature.rawRepresentation)
self.bleManager.writeOutgoingValue(data: response)
} catch {
self.callback.update(state: .error("\(error)"))
Expand Down

0 comments on commit dd03a2e

Please sign in to comment.