[HN Gopher] Secretive: An app for storing and managing SSH keys ...
___________________________________________________________________
Secretive: An app for storing and managing SSH keys in the Secure
Enclave
Author : tosh
Score : 33 points
Date : 2021-10-13 15:22 UTC (7 hours ago)
(HTM) web link (github.com)
(TXT) w3m dump (github.com)
| yewenjie wrote:
| Is it a bad idea to store ssh keys in a password manager like
| Bitwarden? If yes, what other easily portable options are out
| there?
| tw04 wrote:
| Yubikey would probably be a better alternative.
| vineyardmike wrote:
| Any idea how to set my YubiKey up to handle this?
| smorgusofborg wrote:
| If all the servers you talk to are up to date enough to
| accept SK keys, I would use one:
|
| https://www.yubico.com/blog/github-now-supports-ssh-security...
| dividuum wrote:
| Better than having them unencrypted (unless you set a
| passphrase) on the filesystem for every rogue process to grab.
| The issue with password managers is the key is then most likely
| still accessible from other processes while the password
| manager is unlocked. On Linux, for example, by poking around in
| /dev/mem or /dev/kmem. There are ways that help with that, like
| memfd_secret. A secure enclave or similar side processor avoids
| this issue by running within its own isolated memory and this
| processor also handles all key operations, so the key never
| enters the main memory.
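
Added example, not part of the thread or of Secretive's code: one way a Linux process could hold key material in memfd_secret-backed memory, as dividuum's comment mentions, with a weaker locked-memory fallback when the syscall is unavailable. The names secret_alloc, secret_free and struct secret_buf are hypothetical, and the fallback syscall number 447 is an assumption for x86-64 and arm64 when the headers lack SYS_memfd_secret.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/syscall.h>
#include <unistd.h>
#ifndef SYS_memfd_secret
#define SYS_memfd_secret 447 /* assumption: syscall number on x86-64 and arm64 */
#endif
enum secret_mode { SECRET_FAILED, SECRET_MEMFD, SECRET_MLOCK };
struct secret_buf { void *ptr; size_t len; enum secret_mode mode; };

/* Map len bytes for key material. Prefer memfd_secret(2), whose pages are removed
 * from the kernel page tables; else use locked, non-dumpable anonymous memory. */
static struct secret_buf secret_alloc(size_t len) {
    struct secret_buf b = { NULL, len, SECRET_FAILED };
    int fd = (int)syscall(SYS_memfd_secret, 0);
    if (fd >= 0) {
        if (ftruncate(fd, (off_t)len) == 0) { /* secretmem needs MAP_SHARED */
            void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
            if (p != MAP_FAILED) { b.ptr = p; b.mode = SECRET_MEMFD; }
        }
        close(fd); /* the mapping stays valid after close */
        if (b.ptr) return b;
    }
    /* Old kernel, secretmem disabled, or syscall filtered: weaker fallback. */
    void *p = mmap(NULL, len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return b;
    (void)mlock(p, len);                  /* best effort: keep out of swap */
    (void)madvise(p, len, MADV_DONTDUMP); /* best effort: keep out of core dumps */
    b.ptr = p; b.mode = SECRET_MLOCK;
    return b;
}

/* Zero the key before unmapping. */
static int secret_free(struct secret_buf *b) {
    if (!b->ptr) return -1;
    explicit_bzero(b->ptr, b->len);
    int rc = munmap(b->ptr, b->len);
    b->ptr = NULL; b->mode = SECRET_FAILED;
    return rc;
}

int main(void) {
    struct secret_buf b = secret_alloc(4096);
    if (b.mode == SECRET_FAILED) return 1;
    memcpy(b.ptr, "constructed-key", 16); /* constructed sample, not a real key */
    printf("backing: %s\n", b.mode == SECRET_MEMFD ? "memfd_secret" : "mlock fallback");
    return secret_free(&b);
}
```

Either way the key still sits in the owning process's address space while in use, which is the gap the comment says a secure enclave closes.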
| egberts1 wrote:
| That's why /proc isn't mounted as readable.
|
| Problem solved, oh oops sorry systemd.
| SkyMarshal wrote:
| Looks like this is only for Macs with Secure Enclaves. Does
| Apple's own Keychain app not do this? I would have thought that
| would utilize Secure Enclave too.
___________________________________________________________________
(page generated 2021-10-13 23:02 UTC)