metatext/Secrets/Sources/Secrets/Secrets.swift

// Copyright © 2020 Metabolist. All rights reserved.

import Base16
import CryptoKit
import Foundation
import Keychain

public protocol SecretsStorable {
    var dataStoredInSecrets: Data { get }
    static func fromDataStoredInSecrets(_ data: Data) throws -> Self
}

enum SecretsStorableError: Error {
    case conversionFromDataStoredInSecrets(Data)
}

public struct Secrets {
    public let identityId: UUID
    private let keychain: Keychain.Type

    public init(identityId: UUID, keychain: Keychain.Type) {
        self.identityId = identityId
        self.keychain = keychain
    }
}

public extension Secrets {
    enum Item: String, CaseIterable {
        case instanceURL
        case clientId
        case clientSecret
        case accessToken
        case pushKey
        case pushAuth
        case databaseKey
        case imageCacheKey
        case identityDatabaseName
        case accountId
        case username
    }
}

public enum SecretsError: Error {
    case itemAbsent
}

extension Secrets.Item {
    enum Kind {
        case genericPassword
        case key
    }

    // Note `databaseKey` and `imageCacheKey` are stored as generic passwords, not keys
    var kind: Kind {
        switch self {
        case .pushKey: return .key
        default: return .genericPassword
        }
    }
}

public extension Secrets {
    static func identityDatabaseName(keychain: Keychain.Type) throws -> String {
        do {
            return try unscopedItem(.identityDatabaseName, keychain: keychain)
        } catch SecretsError.itemAbsent {
            let identityDatabaseName = UUID().uuidString

            try setUnscoped(identityDatabaseName, forItem: .identityDatabaseName, keychain: keychain)

            return identityDatabaseName
        }
    }

    static func imageCacheKey(keychain: Keychain.Type) throws -> Data {
        do {
            return try unscopedItem(.imageCacheKey, keychain: keychain)
        } catch SecretsError.itemAbsent {
            let imageCacheKey = Data(SymmetricKey(size: .bits256).withUnsafeBytes(Array.init))

            try setUnscoped(imageCacheKey, forItem: .imageCacheKey, keychain: keychain)

            return imageCacheKey
        }
    }

    // https://www.zetetic.net/sqlcipher/sqlcipher-api/#key
    static func databaseKey(identityId: UUID?, keychain: Keychain.Type) throws -> String {
        let passphraseData: Data
        let scopedSecrets: Secrets?

        if let identityId = identityId {
            scopedSecrets = Secrets(identityId: identityId, keychain: keychain)
        } else {
            scopedSecrets = nil
        }

        do {
            passphraseData = try scopedSecrets?.item(.databaseKey)
                ?? unscopedItem(.databaseKey, keychain: keychain)
        } catch SecretsError.itemAbsent {
            var bytes = [UInt8](repeating: 0, count: databaseKeyLength)
            let status = SecRandomCopyBytes(kSecRandomDefault, databaseKeyLength, &bytes)

            if status == errSecSuccess {
                passphraseData = Data(bytes)

                if let scopedSecrets = scopedSecrets {
                    try scopedSecrets.set(passphraseData, forItem: .databaseKey)
                } else {
                    try setUnscoped(passphraseData, forItem: .databaseKey, keychain: keychain)
                }
            } else {
                throw NSError(status: status)
            }
        }

        return "x'\(passphraseData.base16EncodedString(options: [.uppercase]))'"
    }

    func deleteAllItems() {
        for item in Secrets.Item.allCases {
            do {
                switch item.kind {
                case .genericPassword:
                    try keychain.deleteGenericPassword(
                        account: scopedKey(item: item),
                        service: Self.keychainServiceName)
                case .key:
                    try keychain.deleteKey(applicationTag: scopedKey(item: item))
                }
            } catch {
                // no-op
            }
        }
    }

    func getInstanceURL() throws -> URL {
        try item(.instanceURL)
    }

    func setInstanceURL(_ instanceURL: URL) throws {
        try set(instanceURL, forItem: .instanceURL)
    }

    func getClientId() throws -> String {
        try item(.clientId)
    }

    func setClientId(_ clientId: String) throws {
        try set(clientId, forItem: .clientId)
    }

    func getClientSecret() throws -> String {
        try item(.clientSecret)
    }

    func setClientSecret(_ clientSecret: String) throws {
        try set(clientSecret, forItem: .clientSecret)
    }

    func getAccessToken() throws -> String {
        try item(.accessToken)
    }

    func setAccessToken(_ accessToken: String) throws {
        try set(accessToken, forItem: .accessToken)
    }

    func getAccountId() throws -> String {
        try item(.accountId)
    }

    func setAccountId(_ accountId: String) throws {
        try set(accountId, forItem: .accountId)
    }

    func getUsername() throws -> String {
        try item(.username)
    }

    func setUsername(_ username: String) throws {
        try set(username, forItem: .username)
    }

    func generatePushKeyAndReturnPublicKey() throws -> Data {
        try keychain.generateKeyAndReturnPublicKey(
            applicationTag: scopedKey(item: .pushKey),
            attributes: PushKey.attributes)
    }

    func getPushKey() throws -> Data? {
        try keychain.getPrivateKey(
            applicationTag: scopedKey(item: .pushKey),
            attributes: PushKey.attributes)
    }

    func generatePushAuth() throws -> Data {
        var bytes = [UInt8](repeating: 0, count: PushKey.authLength)
        let status = SecRandomCopyBytes(kSecRandomDefault, PushKey.authLength, &bytes)

        if status == errSecSuccess {
            let pushAuth = Data(bytes)

            try set(pushAuth, forItem: .pushAuth)

            return pushAuth
        } else {
            throw NSError(status: status)
        }
    }

    func getPushAuth() throws -> Data? {
        try item(.pushAuth)
    }
}

private extension Secrets {
    static let keychainServiceName = "com.metabolist.metatext"
    static let databaseKeyLength = 48

    private static func set(_ data: SecretsStorable, forAccount account: String, keychain: Keychain.Type) throws {
        try keychain.setGenericPassword(
            data: data.dataStoredInSecrets,
            forAccount: account,
            service: keychainServiceName)
    }

    private static func get<T: SecretsStorable>(account: String, keychain: Keychain.Type) throws -> T {
        guard let data = try keychain.getGenericPassword(
                account: account,
                service: keychainServiceName) else {
            throw SecretsError.itemAbsent
        }

        return try T.fromDataStoredInSecrets(data)
    }

    static func setUnscoped(_ data: SecretsStorable, forItem item: Item, keychain: Keychain.Type) throws {
        try set(data, forAccount: item.rawValue, keychain: keychain)
    }

    static func unscopedItem<T: SecretsStorable>(_ item: Item, keychain: Keychain.Type) throws -> T {
        try get(account: item.rawValue, keychain: keychain)
    }

    func scopedKey(item: Item) -> String {
        identityId.uuidString.appending(".").appending(item.rawValue)
    }

    func set(_ data: SecretsStorable, forItem item: Item) throws {
        try Self.set(data, forAccount: scopedKey(item: item), keychain: keychain)
    }

    func item<T: SecretsStorable>(_ item: Item) throws -> T {
        try Self.get(account: scopedKey(item: item), keychain: keychain)
    }
}

extension Data: SecretsStorable {
    public var dataStoredInSecrets: Data { self }

    public static func fromDataStoredInSecrets(_ data: Data) throws -> Data {
        data
    }
}

extension String: SecretsStorable {
    public var dataStoredInSecrets: Data { Data(utf8) }

    public static func fromDataStoredInSecrets(_ data: Data) throws -> String {
        guard let string = String(data: data, encoding: .utf8) else {
            throw SecretsStorableError.conversionFromDataStoredInSecrets(data)
        }

        return string
    }
}

extension URL: SecretsStorable {
    public var dataStoredInSecrets: Data { absoluteString.dataStoredInSecrets }

    public static func fromDataStoredInSecrets(_ data: Data) throws -> URL {
        guard let url = URL(string: try String.fromDataStoredInSecrets(data)) else {
            throw SecretsStorableError.conversionFromDataStoredInSecrets(data)
        }

        return url
    }
}

private struct PushKey {
    static let authLength = 16
    static let sizeInBits = 256
    static let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: sizeInBits]
}
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`// Copyright © 2020 Metabolist. All rights reserved.`

Modularize base16 encoding 2020-09-06 21:37:54 +00:00			`import Base16`
Use image cache in extensions 2021-01-30 01:14:22 +00:00			`import CryptoKit`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`import Foundation`
Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`import Keychain`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00
wip 2020-08-31 10:21:01 +00:00			`public protocol SecretsStorable {`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`var dataStoredInSecrets: Data { get }`
			`static func fromDataStoredInSecrets(_ data: Data) throws -> Self`
			`}`

			`enum SecretsStorableError: Error {`
			`case conversionFromDataStoredInSecrets(Data)`
			`}`

Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`public struct Secrets {`
The great id cleanup 2020-10-05 22:50:05 +00:00			`public let identityId: UUID`
Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`private let keychain: Keychain.Type`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00
The great id cleanup 2020-10-05 22:50:05 +00:00			`public init(identityId: UUID, keychain: Keychain.Type) {`
			`self.identityId = identityId`
Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`self.keychain = keychain`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`}`
			`}`

Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`public extension Secrets {`
Refactoring 2020-08-09 02:52:41 +00:00			`enum Item: String, CaseIterable {`
Refactoring 2020-09-08 02:12:38 +00:00			`case instanceURL`
The great id cleanup 2020-10-05 22:50:05 +00:00			`case clientId`
Push notifications 2020-08-12 07:24:39 +00:00			`case clientSecret`
			`case accessToken`
			`case pushKey`
			`case pushAuth`
Better SQLCipher key logic 2020-09-04 09:44:25 +00:00			`case databaseKey`
Use image cache in extensions 2021-01-30 01:14:22 +00:00			`case imageCacheKey`
Randomize identity database name 2021-01-16 21:46:07 +00:00			`case identityDatabaseName`
Use keychain instead of DB in notification service 2021-02-26 03:21:06 +00:00			`case accountId`
			`case username`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`}`
			`}`

Anonymous browsing improvements 2020-09-09 05:40:49 +00:00			`public enum SecretsError: Error {`
Revoke access token when removing account 2020-08-14 03:40:46 +00:00			`case itemAbsent`
			`}`

Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`extension Secrets.Item {`
Refactoring 2020-08-14 01:59:17 +00:00			`enum Kind {`
			`case genericPassword`
			`case key`
			`}`

Use image cache in extensions 2021-01-30 01:14:22 +00:00			// Note `databaseKey` and `imageCacheKey` are stored as generic passwords, not keys
Refactoring 2020-08-14 01:59:17 +00:00			`var kind: Kind {`
			`switch self {`
			`case .pushKey: return .key`
			`default: return .genericPassword`
			`}`
			`}`
			`}`

Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`public extension Secrets {`
Randomize identity database name 2021-01-16 21:46:07 +00:00			`static func identityDatabaseName(keychain: Keychain.Type) throws -> String {`
			`do {`
			`return try unscopedItem(.identityDatabaseName, keychain: keychain)`
			`} catch SecretsError.itemAbsent {`
			`let identityDatabaseName = UUID().uuidString`

			`try setUnscoped(identityDatabaseName, forItem: .identityDatabaseName, keychain: keychain)`

			`return identityDatabaseName`
			`}`
			`}`

Use image cache in extensions 2021-01-30 01:14:22 +00:00			`static func imageCacheKey(keychain: Keychain.Type) throws -> Data {`
			`do {`
			`return try unscopedItem(.imageCacheKey, keychain: keychain)`
			`} catch SecretsError.itemAbsent {`
			`let imageCacheKey = Data(SymmetricKey(size: .bits256).withUnsafeBytes(Array.init))`

			`try setUnscoped(imageCacheKey, forItem: .imageCacheKey, keychain: keychain)`

			`return imageCacheKey`
			`}`
			`}`

Better SQLCipher key logic 2020-09-04 09:44:25 +00:00			`// https://www.zetetic.net/sqlcipher/sqlcipher-api/#key`
The great id cleanup 2020-10-05 22:50:05 +00:00			`static func databaseKey(identityId: UUID?, keychain: Keychain.Type) throws -> String {`
Better SQLCipher key logic 2020-09-04 09:44:25 +00:00			`let passphraseData: Data`
Refactoring 2020-09-04 06:44:04 +00:00			`let scopedSecrets: Secrets?`
Encrypt local databases 2020-09-04 06:12:06 +00:00
The great id cleanup 2020-10-05 22:50:05 +00:00			`if let identityId = identityId {`
			`scopedSecrets = Secrets(identityId: identityId, keychain: keychain)`
Refactoring 2020-09-04 06:44:04 +00:00			`} else {`
			`scopedSecrets = nil`
Encrypt local databases 2020-09-04 06:12:06 +00:00			`}`

Refactoring 2020-09-04 06:44:04 +00:00			`do {`
Better SQLCipher key logic 2020-09-04 09:44:25 +00:00			`passphraseData = try scopedSecrets?.item(.databaseKey)`
			`?? unscopedItem(.databaseKey, keychain: keychain)`
Refactoring 2020-09-04 06:44:04 +00:00			`} catch SecretsError.itemAbsent {`
Better SQLCipher key logic 2020-09-04 09:44:25 +00:00			`var bytes = [UInt8](repeating: 0, count: databaseKeyLength)`
			`let status = SecRandomCopyBytes(kSecRandomDefault, databaseKeyLength, &bytes)`
Encrypt local databases 2020-09-04 06:12:06 +00:00
Refactoring 2020-09-04 06:44:04 +00:00			`if status == errSecSuccess {`
Better SQLCipher key logic 2020-09-04 09:44:25 +00:00			`passphraseData = Data(bytes)`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00
Refactoring 2020-09-04 06:44:04 +00:00			`if let scopedSecrets = scopedSecrets {`
Better SQLCipher key logic 2020-09-04 09:44:25 +00:00			`try scopedSecrets.set(passphraseData, forItem: .databaseKey)`
Refactoring 2020-09-04 06:44:04 +00:00			`} else {`
Better SQLCipher key logic 2020-09-04 09:44:25 +00:00			`try setUnscoped(passphraseData, forItem: .databaseKey, keychain: keychain)`
Refactoring 2020-09-04 06:44:04 +00:00			`}`
			`} else {`
			`throw NSError(status: status)`
			`}`
			`}`
Better SQLCipher key logic 2020-09-04 09:44:25 +00:00
Modularize base16 encoding 2020-09-06 21:37:54 +00:00			`return "x'\(passphraseData.base16EncodedString(options: [.uppercase]))'"`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`}`

Anonymous browsing improvements 2020-09-09 05:40:49 +00:00			`func deleteAllItems() {`
Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`for item in Secrets.Item.allCases {`
Anonymous browsing improvements 2020-09-09 05:40:49 +00:00			`do {`
			`switch item.kind {`
			`case .genericPassword:`
			`try keychain.deleteGenericPassword(`
			`account: scopedKey(item: item),`
			`service: Self.keychainServiceName)`
			`case .key:`
			`try keychain.deleteKey(applicationTag: scopedKey(item: item))`
			`}`
			`} catch {`
			`// no-op`
Refactoring 2020-08-14 01:59:17 +00:00			`}`
Refactoring 2020-08-09 02:52:41 +00:00			`}`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`}`
Push notifications 2020-08-12 07:24:39 +00:00
Refactoring 2020-09-08 02:12:38 +00:00			`func getInstanceURL() throws -> URL {`
			`try item(.instanceURL)`
			`}`

			`func setInstanceURL(_ instanceURL: URL) throws {`
			`try set(instanceURL, forItem: .instanceURL)`
			`}`

The great id cleanup 2020-10-05 22:50:05 +00:00			`func getClientId() throws -> String {`
			`try item(.clientId)`
Refactoring 2020-09-04 06:44:04 +00:00			`}`

The great id cleanup 2020-10-05 22:50:05 +00:00			`func setClientId(_ clientId: String) throws {`
			`try set(clientId, forItem: .clientId)`
Refactoring 2020-09-04 06:44:04 +00:00			`}`

			`func getClientSecret() throws -> String {`
			`try item(.clientSecret)`
			`}`

			`func setClientSecret(_ clientSecret: String) throws {`
			`try set(clientSecret, forItem: .clientSecret)`
			`}`

			`func getAccessToken() throws -> String {`
			`try item(.accessToken)`
			`}`

			`func setAccessToken(_ accessToken: String) throws {`
			`try set(accessToken, forItem: .accessToken)`
			`}`

Use keychain instead of DB in notification service 2021-02-26 03:21:06 +00:00			`func getAccountId() throws -> String {`
			`try item(.accountId)`
			`}`

			`func setAccountId(_ accountId: String) throws {`
			`try set(accountId, forItem: .accountId)`
			`}`

			`func getUsername() throws -> String {`
			`try item(.username)`
			`}`

			`func setUsername(_ username: String) throws {`
			`try set(username, forItem: .username)`
			`}`

Push notifications 2020-08-12 07:24:39 +00:00			`func generatePushKeyAndReturnPublicKey() throws -> Data {`
Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`try keychain.generateKeyAndReturnPublicKey(`
Encrypt local databases 2020-09-04 06:12:06 +00:00			`applicationTag: scopedKey(item: .pushKey),`
Add push notification service extension 2020-08-13 10:18:21 +00:00			`attributes: PushKey.attributes)`
Push notifications 2020-08-12 07:24:39 +00:00			`}`

			`func getPushKey() throws -> Data? {`
Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`try keychain.getPrivateKey(`
Encrypt local databases 2020-09-04 06:12:06 +00:00			`applicationTag: scopedKey(item: .pushKey),`
Add push notification service extension 2020-08-13 10:18:21 +00:00			`attributes: PushKey.attributes)`
Push notifications 2020-08-12 07:24:39 +00:00			`}`

			`func generatePushAuth() throws -> Data {`
Add push notification service extension 2020-08-13 10:18:21 +00:00			`var bytes = [UInt8](repeating: 0, count: PushKey.authLength)`
Better SQLCipher key logic 2020-09-04 09:44:25 +00:00			`let status = SecRandomCopyBytes(kSecRandomDefault, PushKey.authLength, &bytes)`
Push notifications 2020-08-12 07:24:39 +00:00
Better SQLCipher key logic 2020-09-04 09:44:25 +00:00			`if status == errSecSuccess {`
			`let pushAuth = Data(bytes)`
Push notifications 2020-08-12 07:24:39 +00:00
Better SQLCipher key logic 2020-09-04 09:44:25 +00:00			`try set(pushAuth, forItem: .pushAuth)`
Push notifications 2020-08-12 07:24:39 +00:00
Better SQLCipher key logic 2020-09-04 09:44:25 +00:00			`return pushAuth`
			`} else {`
			`throw NSError(status: status)`
			`}`
Push notifications 2020-08-12 07:24:39 +00:00			`}`

			`func getPushAuth() throws -> Data? {`
			`try item(.pushAuth)`
			`}`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`}`

Modularize Keychain and Secrets 2020-09-04 00:54:05 +00:00			`private extension Secrets {`
Push notifications 2020-08-12 07:24:39 +00:00			`static let keychainServiceName = "com.metabolist.metatext"`
Use app group container 2020-11-09 03:07:23 +00:00			`static let databaseKeyLength = 48`
Refactoring 2020-09-04 06:44:04 +00:00
			`private static func set(_ data: SecretsStorable, forAccount account: String, keychain: Keychain.Type) throws {`
			`try keychain.setGenericPassword(`
			`data: data.dataStoredInSecrets,`
			`forAccount: account,`
			`service: keychainServiceName)`
			`}`

			`private static func get<T: SecretsStorable>(account: String, keychain: Keychain.Type) throws -> T {`
			`guard let data = try keychain.getGenericPassword(`
			`account: account,`
			`service: keychainServiceName) else {`
			`throw SecretsError.itemAbsent`
			`}`

			`return try T.fromDataStoredInSecrets(data)`
			`}`

			`static func setUnscoped(_ data: SecretsStorable, forItem item: Item, keychain: Keychain.Type) throws {`
			`try set(data, forAccount: item.rawValue, keychain: keychain)`
			`}`

			`static func unscopedItem<T: SecretsStorable>(_ item: Item, keychain: Keychain.Type) throws -> T {`
			`try get(account: item.rawValue, keychain: keychain)`
			`}`
Push notifications 2020-08-12 07:24:39 +00:00
Encrypt local databases 2020-09-04 06:12:06 +00:00			`func scopedKey(item: Item) -> String {`
Style changes 2020-12-03 22:40:33 +00:00			`identityId.uuidString.appending(".").appending(item.rawValue)`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`}`
Refactoring 2020-09-04 06:44:04 +00:00
			`func set(_ data: SecretsStorable, forItem item: Item) throws {`
			`try Self.set(data, forAccount: scopedKey(item: item), keychain: keychain)`
			`}`

			`func item<T: SecretsStorable>(_ item: Item) throws -> T {`
			`try Self.get(account: scopedKey(item: item), keychain: keychain)`
			`}`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`}`

			`extension Data: SecretsStorable {`
wip 2020-08-31 10:21:01 +00:00			`public var dataStoredInSecrets: Data { self }`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00
wip 2020-08-31 10:21:01 +00:00			`public static func fromDataStoredInSecrets(_ data: Data) throws -> Data {`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`data`
			`}`
			`}`

			`extension String: SecretsStorable {`
wip 2020-08-31 10:21:01 +00:00			`public var dataStoredInSecrets: Data { Data(utf8) }`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00
wip 2020-08-31 10:21:01 +00:00			`public static func fromDataStoredInSecrets(_ data: Data) throws -> String {`
Import and refactor stuff from old UIKit project 2020-07-29 23:50:30 +00:00			`guard let string = String(data: data, encoding: .utf8) else {`
			`throw SecretsStorableError.conversionFromDataStoredInSecrets(data)`
			`}`

			`return string`
			`}`
			`}`
Add push notification service extension 2020-08-13 10:18:21 +00:00
Refactoring 2020-09-08 02:12:38 +00:00			`extension URL: SecretsStorable {`
			`public var dataStoredInSecrets: Data { absoluteString.dataStoredInSecrets }`

			`public static func fromDataStoredInSecrets(_ data: Data) throws -> URL {`
			`guard let url = URL(string: try String.fromDataStoredInSecrets(data)) else {`
			`throw SecretsStorableError.conversionFromDataStoredInSecrets(data)`
			`}`

			`return url`
			`}`
			`}`

wip 2020-08-31 10:21:01 +00:00			`private struct PushKey {`
Add push notification service extension 2020-08-13 10:18:21 +00:00			`static let authLength = 16`
			`static let sizeInBits = 256`
			`static let attributes: [String: Any] = [`
			`kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,`
			`kSecAttrKeySizeInBits as String: sizeInBits]`
			`}`