5

Is it possible to use keychain-dumper to extract private keys that are protected by the secure enclave?

Keychain-dumper works with "/private/var/Keychains/keychain-2.db". If a private key is generated using SecGenerateKeyPair() with the kSecAttrTokenIDSecureEnclave attribute, will it still reside in keychain-2.db?

user1118764

1 Answer

1

No, it won't reside on the keystore.

The secure enclave and the keystore are two different things:

KeyStore is a secure database implemented in iOS. It resides in the filesystem. While it is built with security in mind (I don't want to characterise anything as "secure") and is encrypted on the filesystem, its contents, at specific time frames, reside in the system memory unencrypted.

Secure Enclave is a completely different chip. It runs a separate operating system and can only be instructed to conduct some operations. It offers anti-tampering mechanisms, TRNG (True Random Number Generator), etc. Keys can NOT be imported or exported, only generated, and of course can be used for cryptographic operations.

It should be noted though, that only signing & validation ECC operations can take place in the secure enclave, as stated here.

EDIT: Validation & signing is the same operation as encryption & decryption, only the key used is changed. On signing, the private key is used (so verification can happen with your public key), and on encryption, the public key is used (so only you can decrypt it with your private key).

dzervas
  • Thanks. So keychain-dumper works only on the KeyStore, i.e. the encrypted file that resides on the file system? What then is the key that encrypts the KeyStore, where is it generated, and where/how is it stored? – user1118764 Feb 19 '18 at 05:22
  • I'm very sorry but I got it kinda wrong (it was late at night and my public key crypto knowledge was just turned to off). Please see edited answer. The keychain is encrypted with a specific key in the secure enclave. – dzervas Feb 22 '18 at 14:52
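
An added example, not part of the original question, answer or comments: a Swift sketch that generates a P-256 key with `kSecAttrTokenIDSecureEnclave` and then checks the behaviour the answer describes, namely that the private key cannot be exported while the public key can and signing still works. It uses `SecKeyCreateRandomKey` rather than the function named in the question, the application tag is a constructed placeholder, and it assumes it runs inside an app on a device that has a Secure Enclave (the simulator has none).

```swift
import Foundation
import Security

// Constructed application tag, used only by this example.
let tag = Data("com.example.se-demo.key".utf8)

func makeSecureEnclaveKey() throws -> SecKey {
    var error: Unmanaged<CFError>?
    // The key is bound to this device and usable only while it is unlocked.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault, kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        .privateKeyUsage, &error) else { throw error!.takeRetainedValue() as Error }

    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: tag,
            kSecAttrAccessControl as String: access
        ]
    ]
    guard let key = SecKeyCreateRandomKey(attributes as CFDictionary, &error) else {
        throw error!.takeRetainedValue() as Error
    }
    return key
}

func checkExportAndSigning() throws {
    let privateKey = try makeSecureEnclaveKey()
    var error: Unmanaged<CFError>?

    // Asking for the raw private key fails: the call returns nil and sets an error.
    let exported = SecKeyCopyExternalRepresentation(privateKey, &error)
    print("private key exportable:", exported != nil)

    // The public half is ordinary data and can leave the device.
    guard let publicKey = SecKeyCopyPublicKey(privateKey),
          let publicData = SecKeyCopyExternalRepresentation(publicKey, &error) as Data?
    else { throw error!.takeRetainedValue() as Error }
    print("public key bytes:", publicData.count)

    // Signing goes through the private-key reference; the app never sees key bytes.
    let message = Data("constructed sample message".utf8) as CFData
    let algorithm = SecKeyAlgorithm.ecdsaSignatureMessageX962SHA256
    guard let signature = SecKeyCreateSignature(privateKey, algorithm, message, &error)
    else { throw error!.takeRetainedValue() as Error }
    print("signature verifies:",
          SecKeyVerifySignature(publicKey, algorithm, message, signature, &error))
}
```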