feat: v1.5.1, secure enclave key can store in keychain or not

Cargo.lock

@@ -1700,7 +1700,7 @@ dependencies = [
 
 [[package]]
 name = "tiny-encrypt"
-version = "1.5.0"
+version = "1.5.1"
 dependencies = [
  "aes-gcm-stream",
  "base64",

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "tiny-encrypt"
-version = "1.5.0"
+version = "1.5.1"
 edition = "2021"
 license = "MIT"
 description = "A simple and tiny file encrypt tool"

src/cmd_initkeychain.rs

@@ -13,6 +13,9 @@ pub struct CmdInitKeychain {
     /// Secure Enclave
     #[arg(long, short = 'S')]
     pub secure_enclave: bool,
+    /// Expose secure enclave private key data
+    #[arg(long, short = 'E')]
+    pub expose_secure_enclave_private_key: bool,
     // /// Keychain name, or default
     // #[arg(long, short = 'c')]
     // pub keychain_name: Option<String>,
@@ -45,20 +48,24 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
 
     let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME);
     let key_name = &cmd_init_keychain.key_name;
-    let keychain_key = KeychainKey::from("", service_name, key_name);
 
     let (public_key_hex, private_key_base64) = util_keychainkey::generate_se_p256_keypair()?;
     let public_key_compressed_hex = public_key_hex.chars()
         .skip(2).take(public_key_hex.len() / 2 - 1).collect::<String>();
-
-    keychain_key.set_password(private_key_base64.as_bytes())?;
+    let saved_arg0 = if cmd_init_keychain.expose_secure_enclave_private_key {
+        private_key_base64
+    } else {
+        let keychain_key = KeychainKey::from_default_keychain(service_name, key_name);
+        keychain_key.set_password(private_key_base64.as_bytes())?;
+        keychain_key.to_str()
+    };
 
     let config_envelop = TinyEncryptConfigEnvelop {
         r#type: TinyEncryptEnvelopType::KeyP256,
         sid: Some(cmd_init_keychain.key_name.clone()),
         kid: format!("keychain:02{}", &public_key_compressed_hex),
         desc: Some("Keychain Secure Enclave".to_string()),
-        args: Some(vec![keychain_key.to_str()]),
+        args: Some(vec![saved_arg0]),
         public_part: public_key_hex,
     };
 
@@ -70,7 +77,7 @@ pub fn keychain_key_se(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
 pub fn keychain_key_static(cmd_init_keychain: CmdInitKeychain) -> XResult<()> {
     let service_name = cmd_init_keychain.server_name.as_deref().unwrap_or(DEFAULT_SERVICE_NAME);
     let key_name = &cmd_init_keychain.key_name;
-    let keychain_key = KeychainKey::from("", service_name, key_name);
+    let keychain_key = KeychainKey::from_default_keychain(service_name, key_name);
 
     let public_key = match keychain_key.get_password()? {
         Some(static_x25519) => {

src/util_keychainstatic.rs

@@ -69,6 +69,10 @@ impl X25519StaticSecret {
 }
 
 impl KeychainKey {
+    pub fn from_default_keychain(service_name: &str, key_name: &str) -> Self {
+        Self::from("", service_name, key_name)
+    }
+
     pub fn from(keychain_name: &str, service_name: &str, key_name: &str) -> Self {
         Self {
             keychain_name: keychain_name.to_string(),