The Secure Enclave is a coprocessor integrated into Apple devices and provides secure storage and processing capabilities for sensitive data. It stores and processes sensitive data, such as fingerprints and encryption keys, which protect the device from unauthorized access. The Secure Enclave is isolated from the central processor.

It runs its operating system, Secure Enclave Processor OS (sepOS), making it more difficult for attackers to compromise the data stored on it.

It also provides a hardware-based random number generator. It can perform cryptographic operations such as encryption and decryption.

It works as a signer and is responsible for signing all transactions of Banana Wallet.

Architecture

Secure Enclave Processor (SEP)

• The primary computing resource of Secure Enclave is entirely separate from the device's OS.

• Manages how to encrypt the files and what kind of encryption to use.

Secure Enclave AES Engine

• It is used to perform symmetric cryptography based on the AES cypher.

• Hardware keys are derived from the Secure Enclave UID or GID.

Public Key Accelerator (PKA)

• A hardware block is used to perform asymmetric cryptography operations.

• The PKA supports RSA and ECC (Elliptic Curve Cryptography) signing and encryption algorithms.

Secure non-volatile storage (NVRAM)

• Stores various types of keys, including encryption keys used by the AES engine, public and private keys used by the PKA, and other sensitive data such as biometric templates for Touch ID and Face ID.