Unlocking private key using biometric token
hvjunk
hvjunk at gmail.com
Mon Jun 16 22:19:11 AEST 2025
> On 16 Jun 2025, at 14:13, Márton Gunyhó <marci at gunyho.com> wrote:
>
>> A fingerprint is never used as an encryption key. ... The private key is stored in a secure enclave, and the secure enclave permits crypto operations using that key when the appropriate fingerprint or PIN is presented to it. Hence there's quite a lot of integration required.
> I see, makes sense. I guess OpenSSH doesn't have this integration on Linux?
Look at the ssh-agent providers; they are the ones to implement this behaviour.
More information about the openssh-unix-dev mailing list