Biometric Keys (SEP, Keystore) Biometric Keys (SEP, Keystore)

Biometric Keys (SEP, Keystore)

Dmitry Machulo Dmitry Machulo

Termius for iOS, macOS and Android allows you to generate an SSH key inside an isolated hardware subsystem and use it for SSH connections. The key is generated inside Secure Enclave (SEP) on iOS and macOS and Keystore on Android. The private part of such a key cannot be accessed by Termius or the OS.

Before generating a key in Secure Enclave / Keystore, you'll need to protect your device with Touch ID / fingerprint, Face ID / face recognition, or passcode, if you're using iOS or macOS. You'll be asked to authenticate using one of these methods during a connection.

ezgif-4-0f9aef03d4.gif

As of now, it is possible to generate only 256-bit ECDSA keys.

Note: Generating a biometric key requires Android 9 or a newer version.

Important: Resetting the protection of your device will make all previously generated keys unusable.

Generate a biometric key

  1. In Preferences, choose Keychain.
  2. Click + New hardware key and then Generate biometric key.
  3. (Optionally) in the Set a label... field, provide a name for the key.
  4. Click Generate.
    ezgif-4-b2087cf799.gif
  1. Choose Keychain in the app's main menu.
  2. Tap + and then Generate biometric key.
  3. In the Name field, provide a name for the key, and tap Generate.
  4. ezgif-1-2516bf3fcb.gif
  1. Choose Keychain in the app's main menu.
  2. Tap + and then Generate biometric key.
  3. In the Name field, provide a name for the key, and tap ✔️.
    16606710177233467091094884614823.gif

Important: Since the private part of a biometric key cannot be accessed by Termius, it will not be synchronized to your other devices with Termius.

Export a biometric key

As with other kinds of keys, you can use Termius to add a key's public part to an authorized_keys file stored on a host. On iOS, the key will be automatically attached to that host's entry.

  1. In Preferences, choose Keychain.
  2. Right-click the key in question and click Export to host.
  3. Click Select host and select the host to which you want to upload the key.
  4. Uncheck Attach to host, if you don't want the key to be linked with the selected host.
  5. Adjust the other parameters, if desired.
  6. Click Export key.
    ezgif-4-d31681dd61.gif
  1. Choose Keychain in the app's main menu.
  2. Tap and hold the required key, then choose Share and Export to host.
  3. Adjust the export parameters, if desired.
  4. Tap the required host and then Export.
  5. hk-ezgif-1-53c1209a55.gif
  1. Choose Keychain in the app's main menu.
  2. Tap and hold the required key, then tap and Export to host.
  3. Adjust the export parameters, if desired.
  4. Tap the required host and then Export.
    16606715391283890497656996004251.gif

Was this article helpful?

13 out of 29 found this helpful

Add comment

Please sign in to leave a comment.