Apple's SSH x OpenSSH (brew) x CTK x Security Key types
Lucas Holt
luke at foolishgames.com
Fri Jul 5 13:00:46 AEST 2024
On 7/4/24 8:57 AM, Jan Schermer wrote:
> Hi,
> What I was trying to do (apart from toying with stuff) was to get a reliable, single, portable/importable credential that would be universally available whenever I need it but in normal operation would be either stored in or wrapped by Secure Enclave (this means EC keys), instead of provisioning 5 resident FIDO keys, one Secretive SE-wrapper key and a backup key. (I know, I could use certificates, and maybe I will!).
My first thought was that this might be vulnerable to attack to get
access to the keys with the public M1/M2 exploit against the secure
enclave due to the cache bug. If this was fixed in the M4, maybe you
could limit its use to newer Apple silicon.
Lucas Holt