From d68479cf10bbacec6d651b4c794ced4873bb7f65 Mon Sep 17 00:00:00 2001
From: Max Goedjen <max.goedjen@gmail.com>
Date: Wed, 23 Sep 2020 21:22:41 -0700
Subject: [PATCH] Figured out how to prompt!

kSecUseOperationPrompt, your docs are bad.
---
 SecretKit/SecureEnclave/SecureEnclaveStore.swift | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/SecretKit/SecureEnclave/SecureEnclaveStore.swift b/SecretKit/SecureEnclave/SecureEnclaveStore.swift
index a0e00a2..aedb586 100644
--- a/SecretKit/SecureEnclave/SecureEnclaveStore.swift
+++ b/SecretKit/SecureEnclave/SecureEnclaveStore.swift
@@ -1,6 +1,7 @@
 import Foundation
 import Security
 import CryptoTokenKit
+import LocalAuthentication
 
 extension SecureEnclave {
 
@@ -76,6 +77,9 @@ extension SecureEnclave {
         }
 
         public func sign(data: Data, with secret: SecretType) throws -> Data {
+            let context = LAContext()
+            context.localizedReason = "sign a request from Terminal using secret \"\(secret.name)\""
+            context.localizedCancelTitle = "Deny"
             let attributes = [
                 kSecClass: kSecClassKey,
                 kSecAttrKeyClass: kSecAttrKeyClassPrivate,
@@ -83,6 +87,7 @@ extension SecureEnclave {
                 kSecAttrKeyType: Constants.keyType,
                 kSecAttrTokenID: kSecAttrTokenIDSecureEnclave,
                 kSecAttrApplicationTag: Constants.keyTag,
+                kSecUseAuthenticationContext: context,
                 kSecReturnRef: true
                 ] as CFDictionary
             var untyped: CFTypeRef?