Comment by gruez

5 months ago

>The key is stored encrypted with a unique symmetric key that only your secure enclave knows until the point that you export it. It then re-encrypts it with the password.

But what's the security benefit of this compared to having a keyfile? So far as I can tell from the commands you provided, there's no real difference, aside from a hacker having to modify their stealer script slightly.

Why is it more secure: a key file on disk is decrypted into memory every time you enter your passphrase. It means the key is around in plain text in the memory of ssh or ssh-agent. Which means it's extractable by an attacker. An exportable key does all the signing inside the secure enclave and never exposes the decrypted key to OS memory.

The exported key you can keep in a safe for disaster recovery. You shouldn't keep it on your computer of course.

  • >It means the key is around in plain text in the memory of ssh or ssh-agent. Which means it's extractable by an attacker. An exportable key does all the signing inside the secure enclave and never exposes the decrypted key to OS memory.

    But malware can just tell the secure enclave to export the key? Yes, they'll have to write new code to do that, but it's not particularly hard (it's 1 line of code from your example above), and it's security through obscurity.

    • The export operation is guarded by TouchID. So the malware needs to trick you into performing the TouchID gesture.

      But yeh the malware only needs to trick you to hit TouchID once. Instead of on each sign operation. So if that's in your threat model don't make the key exportable.

    • As a user I prefer a single touch to typing a passphrase every time. A passphrase also has other attack vectors like keylogging, etc., which would allow replays.

      But even if security was exactly the same, I'd prefer the touch to the typing.

  • > The exported key you can keep in a safe for disaster recovery.

    No. Your "disaster recovery" should be either a second device with a Secure Enclave, or a Yubikey.

    Making it exportable from the Secure Enclave defeats the whole purpose.

Unlike a TPM and like a YubiKey, you can configure the secure enclave to require presence (via Touch ID) so that a stealer script would be stopped with a prompt.

  • Until the next time you touch your Touch ID for any other operation. It seems realistic for an attacker script to anticipate that and open its own prompt at the right moment (i.e. with your finger already on the way to the button).