Unlocking private key using biometric token

hvjunk hvjunk at gmail.com
Mon Jun 16 22:19:11 AEST 2025



> On 16 Jun 2025, at 14:13, Márton Gunyhó <marci at gunyho.com> wrote:
> 
>> A fingerprint is never used as an encryption key. ... The private key is stored in a secure enclave, and the secure enclave permits crypto operations using that key when the appropriate fingerprint or PIN is presented to it. Hence there's quite a lot of integration required.
> I see, makes sense. I guess OpenSSH doesn't have this integration on Linux?


Look at the ssh-agent providers, they are the ones to implement this behaviour



More information about the openssh-unix-dev mailing list