Restrict to EC only

SecretKit/Common/OpenSSH/OpenSSHKeyWriter.swift

@@ -37,8 +37,6 @@ extension OpenSSHKeyWriter {
         switch algorithm {
         case .ellipticCurve:
             return "nistp" + String(describing: length)
-        case .rsa:
-            return "ssh-rsa"
         }
     }
 
@@ -46,8 +44,6 @@ extension OpenSSHKeyWriter {
         switch algorithm {
         case .ellipticCurve:
             return "ecdsa-sha2-nistp" + String(describing: length)
-        case .rsa:
-            return "ssh-rsa"
         }
     }
 }

SecretKit/Secret.swift

@@ -8,14 +8,12 @@ public protocol Secret: Identifiable, Hashable {
 }
 
 public enum Algorithm {
-    case ellipticCurve, rsa
+    case ellipticCurve
     public init(secAttr: NSNumber) {
         let secAttrString = secAttr.stringValue as CFString
         switch secAttrString {
         case kSecAttrKeyTypeEC:
             self = .ellipticCurve
-        case kSecAttrKeyTypeRSA:
-            self = .rsa
         default:
             fatalError()
         }

SecretKit/SmartCard/SmartCardStore.swift

@@ -67,8 +67,6 @@ extension SmartCard {
                 signatureAlgorithm = .ecdsaSignatureMessageX962SHA256
             case (.ellipticCurve, 384):
                 signatureAlgorithm = .ecdsaSignatureMessageX962SHA384
-            case (.rsa, _):
-                signatureAlgorithm = .rsaSignatureRaw
             default:
                 fatalError()
             }
@@ -102,6 +100,7 @@ extension SmartCard.Store {
         let attributes = [
             kSecClass: kSecClassKey,
             kSecAttrTokenID: tokenID,
+            kSecAttrKeyType: kSecAttrKeyTypeEC, // Restrict to EC
             kSecReturnRef: true,
             kSecMatchLimit: kSecMatchLimitAll,
             kSecReturnAttributes: true