I found it impossible to find a segment of code which showed how to generate a secure key pair in the enclave with Swift for iOS 9. So… here it is!
```swift
import Foundation
import Security

// private key parameters
let privateKeyParams: [String: AnyObject] = [
    kSecAttrLabel as String: "privateLabel",
    kSecAttrIsPermanent as String: true,
    kSecAttrApplicationTag as String: "applicationTag"
]

// public key parameters
let publicKeyParams: [String: AnyObject] = [
    kSecAttrLabel as String: "publicLabel",
    kSecAttrIsPermanent as String: false,
    kSecAttrApplicationTag as String: "applicationTag"
]

// global parameters
let parameters: [String: AnyObject] = [
    kSecAttrKeyType as String: kSecAttrKeyTypeEC,
    kSecAttrKeySizeInBits as String: 256,
    kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
    kSecPublicKeyAttrs as String: publicKeyParams,
    kSecPrivateKeyAttrs as String: privateKeyParams
]

// generate the pair; status is errSecSuccess when generation worked
var pubKey, privKey: SecKeyRef?
let status = SecKeyGeneratePair(parameters, &pubKey, &privKey)
```
Note the addition of the `kSecAttrTokenID` attribute in the global parameters, which specifies that we are generating the key pair in the Secure Enclave. Also note that the public key is not set to be stored permanently. Instead, the public key must be added to the keychain after performing the generation. Finally, at the time of writing, only elliptic curve keys with a 256-bit length are supported.
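
The step described above, adding the public key to the keychain after generation, as an added example that is not part of the original post. It is written in current Swift syntax rather than the Swift 2 of the snippet above; the helper names `publicKeyAttributes`, `storePublicKey` and `loadPublicKey` and the use of a `Data` application tag are assumptions of this example.

```swift
import Foundation
import Security

// Hypothetical helper: the attributes that identify the stored public key.
func publicKeyAttributes(label: String, tag: String) -> [String: Any] {
    return [
        kSecClass as String: kSecClassKey,
        kSecAttrKeyType as String: kSecAttrKeyTypeEC,
        kSecAttrKeyClass as String: kSecAttrKeyClassPublic,
        kSecAttrLabel as String: label,
        // Assumption: the tag is stored as Data rather than as a String.
        kSecAttrApplicationTag as String: Data(tag.utf8)
    ]
}

// Hypothetical helper: persist the public key returned by key generation.
func storePublicKey(_ publicKey: SecKey, label: String, tag: String) -> OSStatus {
    let attributes = publicKeyAttributes(label: label, tag: tag)
    var addQuery = attributes
    addQuery[kSecValueRef as String] = publicKey

    var status = SecItemAdd(addQuery as CFDictionary, nil)
    if status == errSecDuplicateItem {
        // A key with these attributes is left over from an earlier run.
        // Replace it so the stored public key matches the current private key.
        let deleteStatus = SecItemDelete(attributes as CFDictionary)
        guard deleteStatus == errSecSuccess else { return deleteStatus }
        status = SecItemAdd(addQuery as CFDictionary, nil)
    }
    return status
}

// Hypothetical helper: read the stored public key back, or nil if absent.
func loadPublicKey(label: String, tag: String) -> SecKey? {
    var query = publicKeyAttributes(label: label, tag: tag)
    query[kSecReturnRef as String] = true

    var item: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &item)
    guard status == errSecSuccess, let found = item else { return nil }
    return (found as! SecKey)
}
```

Call `storePublicKey` only after checking that key generation returned `errSecSuccess`, and treat any other `OSStatus` from either call as a failure rather than continuing with a missing key.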