Native Secure Enclave backed SSH keys on macOS

It turns out that macOS Tahoe can generate and use Secure Enclave backed SSH keys! This replaces projects like https://github.com/maxgoedjen/secretive.

There is a shared library, /usr/lib/ssh-keychain.dylib, that has traditionally been used to add smartcard support to ssh by implementing the PKCS11Provider interface. However, it now also implements SecurityKeyProvider, which supports loading keys directly from the Secure Enclave!

Key setup

See man sc_auth and man ssh-keychain for all the options.

To create a Secure Enclave backed key that requires biometrics, run the following command and press Touch ID:

% sc_auth create-ctk-identity -l ssh -k p-256-ne -t bio

You can confirm that the key was created with the…
