
Secretive – macOS native app to store SSH keys in the Secure Enclave - guessmyname
https://github.com/maxgoedjen/secretive
======
Metus
For anyone not aware, you can use macOS's keychain to store ssh key passwords
and have them unlock at login. This way you can have the benefits and
convenience of password managers in the command line for SSH certificates.

[https://apple.stackexchange.com/questions/48502/how-can-i-
pe...](https://apple.stackexchange.com/questions/48502/how-can-i-permanently-
add-my-ssh-private-key-to-keychain-so-it-is-automatically)

~~~
mfontani
Does it have touch to authorise (doesn't seem to support that), or is it just
going to send on all of one's currently-loaded SSH keys whenever one connects
with -A (seems to)?

> You can configure your key so that they require Touch ID (or Watch)
> authentication before they're accessed.

That, to me, would be a key thing to want to have: something that tells me
"hey, Terminal just wanted to access your Github key. Is that okay?"

If I'm git pushing, that's fine. If I just connected to a random server...
that's not okay. What is that trying to do? Deny.

~~~
Metus
After researching this for a while, it seems there is no documented, native
option to do this. The only option is to unlock all SSH keys all the time,
which makes them less secure than the passwords for websites managed by the
exact same keychain. Which, in my opinion, is _weird_.

Do they employees at Apple use a different system altogether? Because the
built-in one doesn't seem very secure. Or maybe I am using it wrong, who
knows.

In a similar vein, is there an exhaustive manual for macOS? It bugs me that
Apple machines cost a small fortune, the OS is full of nifty features, but
there is no non-superficial manual shipped with it.

~~~
fragmede
_> which makes them less secure than the passwords for websites managed by the
exact same keychain_

That's NOT true. While giving out _less_ information to untrusted parties is
obviously better than more, the private key itself is not transmitted directly
to the server. This means that connecting to an attacker's SSH server doesn't
give them a copy of your private key, so they _can 't_ then connect to your
SSH servers.

~~~
kortilla
The scenario here is with -A (agent forwarding). This means as long as you’re
connected to a server with that enabled, that server can auth as you to a
bunch of other stuff by having your client do it silently.

------
g_p
For anyone interested in a standardised/Linux-compatible version of this,
check out PKCS11 tokens. Smartcards can and do implement this spec, and if you
use PKCS11, the secret is used from the token to sign an SSH login (for
example), without being revealed.

This means the secret itself stays on the card. You can combine this with
certificates if needed; the smartcard handles the authentication. Using PKCS11
tokens is supported in recent openssh versions. You can also use them for
client certificate authentication in web browsers. For anyone familiar with
DoD CACs, this is similar - I believe they use a particular card with a
proprietary PKCS11 driver, but you can use opensc with any card running a
PKCS11 applet.

Some refs:

[https://zerowidthjoiner.net/2019/01/12/using-ssh-public-
key-...](https://zerowidthjoiner.net/2019/01/12/using-ssh-public-key-
authentication-with-a-smart-card)

[https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PK...](https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html)

~~~
Youden
You can also do it with PGP smartcards like the open-source NitroKey [0].

For a more analogous equivalent though, there's the tpm2-pkcs11 project [1]
that uses anything conforming to the TCG TPM2 spec [2], which includes a
surprisingly wide variety of hardware, including many motherboards. My XPS 13
for example has one.

What I'd really like to see though is something that uses the TPM for __host
__verification rather than client verification. I 'd love to be able to ensure
that the only way for a machine to give me the host key I expect is for that
machine to be hardware I own running verified software (e.g. verified by
Secure Boot with a custom key).

[0]: [https://www.nitrokey.com/](https://www.nitrokey.com/)

[1]:
[https://github.com/tpm2-software/tpm2-pkcs11/blob/master/doc...](https://github.com/tpm2-software/tpm2-pkcs11/blob/master/docs/SSH.md)

[2]: [https://trustedcomputinggroup.org/resource/tpm-library-
speci...](https://trustedcomputinggroup.org/resource/tpm-library-
specification/)

~~~
g_p
Indeed, PGP smartcards should work too, as should cards using the open-source
ISOApplet.

I also played around with tpm2-pkcs11 last year and it worked nicely, and has
support on a lot of devices like the XPS (which works really well on Linux!)

Your idea for using TPM as host verification makes a lot of sense to me - as
it stands right now, I'm playing around with this for a side project right
now, and a TPM-backed key which is bound to the right PCRs should give you
assurance secure boot is enabled, with your own custom keys, and that it
loaded your signed Grub, booting your signed kernel.

Got all the secure boot stuff working, now need to figure out what to use the
TPM for - options are remote attestation, where server verifies the
attestation signature (but this wouldn't be particularly standardised),
network level authentication (actually easier - IIRC NetworkManager supports
802.1x authentication using PKCS11, so you can use tpm2-pkcs11 for that), or
disk encryption.

Assuming you mean for the remote-end host key, and assuming your server has a
TPM available, I reckon that could be quite interesting, but it doesn't look
like openssh supports using PKCS11 for HostKey access. Would need to see if
the key is used often, or if it's just used to establish connections (since
PKCS11 crypto is usually pretty slow, but fine for one-off authentications).

As a closing note for time-travellers from the future etc, worth remembering
TPM is far from perfect, and there's quite a few nice attacks if you can
"sniff" the serial lines from the motherboard to the TPM itself. And if using
the fTPM (firmware TPM), the regular Intel SGX/TXE holes will likely
compromise the TPM security properties.

------
john_alan
Cool but the enclave only supports the secp256r1 curve, whose coefficients are
NSA chosen.

~~~
ashildr
While I don‘t think that this is relevant for my personal thread scenarios, I
think that this is unfortunate at least and Apple should change it with new
hardware.

~~~
john_alan
Ya problem is it’s all NIST “approved” and US companies love that because it
means the government is happy to use their products.

------
philistine
Does this mean that the Secure Enclave is accessible by the user? If so, it
prompts so many questions. How much disk space is available on the Enclave,
for example.

~~~
bdcravens
Totally a tangent, but it's interesting that we still refer to things as "disk
space" even in the era of flash storage

~~~
epistasis
I wonder what a better term for disk storage would be. Block storage, in the
way that cloud services refer to it? Just plain "storage"?

~~~
jbverschoor
Non Volatile Memory

Volatile Memory gets “erased” when powered off

~~~
epistasis
Accurate, and in usage in technical circles already. But I've always found it
awkward, and names based on what something is not are always unsettling to me.

~~~
jbverschoor
Then just Memory. That’s what elderly and nontechies usually call it. And it’s
correct. Even more correct with always-on-computing and automatic state saving

------
miguelmota
I've been using a YubiKey device for SSH using yubikey-agent [0] and it's been
great since it’s not possible to extract keys from hardware keys and the
device is carried with me. The agent is also integrated with pinentry so it
requires a pin code for the session.

[0] [https://github.com/FiloSottile/yubikey-
agent](https://github.com/FiloSottile/yubikey-agent)

~~~
StavrosK
You don't even need the agent with the latest SSH versions, SSH can now use
U2F natively, which is wonderful.

~~~
miguelmota
Oh cool didn't not know that. That’s awesome.

------
krrrh
A similar product that works on macs without a secure enclave by storing keys
on the secure enclave of your iPhone is krypton.

[https://krypt.co/developers/](https://krypt.co/developers/)

~~~
cynix
Been using this since the beginning and it’s great. However, there has been no
updates ever since they were acquired by Akamai. A bit worried it’ll suddenly
stop working one day...

~~~
judge2020
Thankfully (i believe) everything that goes into it is open source
[https://github.com/kryptco](https://github.com/kryptco)

~~~
hanche
The github repo seems to be updated only to version 2.5.6 (according to commit
message) or 2.5.7 (according to a tag), whereas the latest version on the app
store is 2.6.0.

But also, the LICENSE file simply says “All Rights Reserved”.

------
pqdbr
From the FAQ:

> Q: How do I import my current SSH keys, or export my Secretive Keys?

> A: The secure enclave doesn't allow import or export of private keys. For
> any new computer, you should just create a new set of keys. If you're using
> a smart card, you might be able to export your private key from the vendor's
> software.

I don't get it. If so, how am I supposed to back up my keys in case of a
hardware failure or hardware theft?

~~~
GekkePrutser
Like the others have said: You just use multiple. You can just add multiple
keys to the authorized_keys file.

This is actually the perfect scenario because an attacker can never get hold
of the private key. That means that the key is unique: If it's in your hands,
it means an attacker doesn't have it. Most smart cards work this way, they
generate the private key inside and it can never leave the hardware, you can
only prove you have it by using it to sign or encrypt something.

This is very different from SSH keyfiles on disk which can be stolen in many
ways, and as such can be compromised without you ever knowing about it.

It's really cool that we can now use this functionality for SSH too. I
currently use Yubikeys in OpenPGP mode for this but I might switch to this
once I get a T2-enabled Mac.

~~~
pqdbr
By "you just use multiple", you mean I would have to generate extra private
keys, add them to authorized_keys, and store them somewhere other than my mac,
right?

Because just by using multiple keys I would still be locked out if all of them
were stored in this 'Secretive' app.

~~~
zymhan
If you only have a single SSH key as the only method of authenticating
somewhere, you already have a dangerous single point of failure.

~~~
comex
Not if you have multiple copies of the private key. But yes, there are
advantages to having any given key only exist in one place.

~~~
NovemberWhiskey
If you are making multiple copies of a private key in different places, why
wouldn't you just keep a _different_ private key in each of those places along
with its corresponding public key though?

That way, you can remove trust from just one of them if you (e.g.) have your
computer stolen.

------
justincormack
I have been using sekey for this for a while. Its pretty nice, I mean you do
need to auth quite a bit if you use git clone over ssh a lot, but it does mean
you know when keys are used.

~~~
metafunctor
Yep, it’s so much better than just key files: keeps key material in a secure
system (Secure Enclave), you know when a key is used (standard macOS security
prompt), and requires a physical interaction (Touch ID) to use a key.

~~~
threentaway
So, a non-portable YubiKey?

~~~
kitsunesoba
More like a built-in YubiKey. It's a convenience. When using one's MacBook,
you don't need to pull your YubiKey out of your bag/drawer/etc to
authenticate, and if you're traveling you can just leave YubiKey at home/the
office, giving you one less thing to lose.

------
djoshea
Does anyone know of a way to guard rclone passwords that would be stored in
rclone.conf? Is it possible to leverage the keychain or this tool for this?
Typically passwords for sftp logins are stored with a reversible hash (see
`rclone reveal`), which isn't ideal.

------
AlexCoventry
Is a similar service available for yubikeys connected to linux machines?

~~~
vladvasiliu
There is:

[https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-
yubike...](https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/)

[https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PK...](https://developers.yubico.com/PIV/Guides/SSH_with_PIV_and_PKCS11.html)

The yubikey (at least some models) can work as a smartcard.

~~~
AlexCoventry
Thanks.

------
vdfs
> Auditable Build Process

> Builds are produced by GitHub Actions with an auditable build and release
> generation process. Each build has a "Document SHAs" step, which will output
> SHA checksums for the build produced by the GitHub Action, so you can verify
> that the source code for a given build corresponds to any given release

What will stop an attacker from hard coding code source file hashes? I'm not
saying they will, just that it's a bad method of making binaries auditable

~~~
gruez
Nothing. The point is that you can replicate the same steps on your local
machine and the hashes should be the same. If they're not it means either
github actions and/or the repo owner has been compromised.

------
old-gregg
For the love of God, please stop using SSH keys. Almost every "company X is
hacked" title on HN can be traced to leaked SSH credentials.

Use auto-expiring certificates that are issued after a proper SSO+2FA flow:

[https://gravitational.com/blog/how-to-ssh-
properly/](https://gravitational.com/blog/how-to-ssh-properly/)

~~~
resfirestar
> Almost every "company X is hacked" title on HN can be traced to leaked SSH
> credentials.

I don’t think that’s anywhere close to true but I’d be interested if you have
reason to believe it is or some examples. Or maybe it’s intentional hyperbole?

~~~
kortilla
Intentional hyperbole to sling blog spam. That link is to a site the OP claims
in profile.

------
rcarmo
This is the sort of thing I would have expected Apple to do back when they
didn’t care about macOS at all. Or that they should do now that they are
refactoring it.

------
christopherbalz
So, macOS keychain simply doesn't have the ability to store in secure enclave?

------
walterbell
Could this be possible on iOS devices, which also have a secure enclave?

~~~
alibert
You could check [https://krypt.co](https://krypt.co)

(not affiliated)

~~~
walterbell
Thanks, that reminded me of upcoming iOS 14 support for WebAuth/FIDO. Perhaps
that can be extended to SSH auth.

~~~
danieldk
Do you mean with Face ID? Since WebAuth/FIDO already work with iOS 13. I have
been using U2F with my YubiKey (whichever one has NFC).

~~~
vladvasiliu
Not quite. The point is to use just the iPhone as the authenticator, without
an external token.

See announcement here: [https://developer.apple.com/documentation/safari-
release-not...](https://developer.apple.com/documentation/safari-release-
notes/safari-14-beta-release-notes)

I think it was posted on HN a few days ago, but I can't find it right now.

------
fehyjn
Is is possible to recreate this using Windows Hello and TPM?

~~~
muststopmyths
hmm, interesting question. should be. Windows Hello generates RSA keypairs I
think. Can you just use those as SSH keys ? The OS will take care of securing
them in TPM if available.

If you wanted to use conventional file-based keypairs and secure the
"passphrase" instead, maybe use the Hello private key to encrypt the
passphrase into the credential store ? I am not up-to-date on whether there's
a newer more secure way to store credentials, but seems like forcing a Windows
Hello action to decrypt the data in the store should be sufficient.

I could be missing something though. Otherwise you'd think there'd be a
solution from Microsoft already.

------
jeffbee
Nice to see this going mainstream after only

 _checks almanac_

... a quarter-century of standards and practices.

