Comment by arianvanp

5 months ago

Why is it more secure: a key file on disk is decrypted into memory every time you enter your passphrase. It means the key is around in plain text in the memory of ssh or ssh-agent. Which means it's extractable by an attacker. An exportable key does all the signing inside the secure enclave and never exposes the decrypted key to OS memory.

The exported key you can keep in a safe for disaster recovery. You shouldn't keep it on your computer of course.

> It means the key is around in plain text in the memory of ssh or ssh-agent. Which means it's extractable by an attacker. An exportable key does all the signing inside the secure enclave and never exposes the decrypted key to OS memory.

But malware can just tell the secure enclave to export the key? Yes, they'll have to write new code to do that, but it's not particularly hard (it's 1 line of code from your example above), and it's security through obscurity.

  • The export operation is guarded by TouchID. So the malware needs to trick you into performing the TouchID gesture.

    But yeah, the malware only needs to trick you into hitting TouchID once, instead of on each sign operation. So if that's in your threat model, don't make the key exportable.

    • > So the malware needs to trick you into performing the TouchID gesture.

      That's not meaningfully more difficult than tricking you into revealing your key file password.

      > Instead of on each sign operation.

      But from your video each sign operation also requires a TouchID prompt?


  • As a user I prefer a single touch to typing a passphrase every time. A passphrase also has other attack vectors like keylogging, etc., which would allow replays.

    But even if security was exactly the same, I'd prefer the touch to the typing.

  • The malware would have to prompt for biometric authentication before exporting.

    • So it just has to wait until you’re about to do a legitimate operation requiring authentication, intercept that to export the key, and cancel the real one with a bogus error (and you’ll just try again without any second thoughts).

      macOS also has no concept of a secure desktop/etc. where the OS can use some privileged UI to explicitly tell you what you are signing and prompt for PIN/biometrics. It's in fact a well-known problem that legitimate dialogs for the system/Apple ID password have no distinguishing features from fake ones.


> The exported key you can keep in a safe for disaster recovery.

No. Your "disaster recovery" should be either a second device with a Secure Enclave, or a YubiKey.

Making it exportable from the Secure Enclave defeats the whole purpose.