🔑 Secure Enclave

Dmitry Machulo
The Secure Enclave is a hardware-based key manager that's isolated from the main processor to provide an extra layer of security. When you store a private key in the Secure Enclave, you never actually handle the key, making it difficult for the key to become compromised. Instead, you instruct the Secure Enclave to create the key, securely store it, and perform operations with it. You receive only the output of these operations, such as encrypted data or a cryptographic signature verification outcome. (c) Apple's developer documentation

Termius for iOS lets you generate a key inside the Secure Enclave Processor (SEP) and use it for SSH connections. The private part of a SEP key never leaves the enclave, so neither Termius nor iOS can read or export it. Consequently, SEP keys are not synchronized to other devices (not even other iOS devices); each device needs its own SEP key, and each key's public part has to be installed on your hosts separately.

โ„น๏ธ Secure Enclave is available on iPhone 5s and iPad Air or later models of these devices.

Before generating a SEP key, you must protect your device with a passcode, Touch ID or Face ID. You'll be asked to authenticate with one of these methods when connecting; successful authentication unlocks the key for that operation.

โš ๏ธ Once you change a passcode, all previously generated SEP keys stop working.

โ˜๏ธ Like other kinds of keys, SEP keys can be used for agent forwarding.


Generate a SEP Key

  1. Open the Keychain screen.
  2. Tap + and then Generate Secure Enclave Key.
  3. Specify the parameters of the key. Add a passphrase, if desired, and check Save passphrase so you are not asked for it on every connection.
  4. Tap Save / ✓. If your device isn't protected with a passcode, Touch ID or Face ID, you'll see an error message.

Export a SEP Key to a Host

As with other kinds of keys, you can export a SEP key to a host: Termius appends the key's public part to the authorized_keys file on the server directly from the app (the host must run an OpenSSH server).

  1. Open the Keychain screen.
  2. Tap and hold the required key.
  3. Choose Share and then Export to Host.
  4. Tap the required host and then Export.
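The line that Export to Host appends to authorized_keys is a standard OpenSSH public key entry, and it is worth checking on the server that the entry is well-formed before you rely on it. The Python below is an added example, not Termius or Apple code: it builds and parses such a line, walks the SSH wire format inside the base64 blob, verifies that the public point lies on P-256, and computes the same SHA256 fingerprint that `ssh-keygen -lf authorized_keys` prints, so the two can be compared. It assumes the exported key is of type ecdsa-sha2-nistp256 (the only key type the Secure Enclave can hold) and uses the P-256 base point G as a constructed stand-in for a real device key; the comment string is also made up.

```python
"""Build and sanity-check an OpenSSH authorized_keys entry for a Secure Enclave key.

Added example, not Termius or Apple code. Assumes the exported key is an ECDSA
P-256 key ('ecdsa-sha2-nistp256'). The sample entry at the bottom is constructed
from the P-256 base point G rather than read from a real device.
"""
import base64
import hashlib
import struct

# NIST P-256 domain parameters (public constants, not secrets).
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
P256_GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5


def is_on_p256(x: int, y: int) -> bool:
    """Return True if (x, y) satisfies y^2 = x^3 - 3x + b over GF(p)."""
    if not (0 <= x < P256_P and 0 <= y < P256_P):
        return False
    return (y * y - (x * x * x - 3 * x + P256_B)) % P256_P == 0


def _ssh_string(data: bytes) -> bytes:
    """Encode one SSH wire-format string: 4-byte big-endian length + bytes."""
    return struct.pack(">I", len(data)) + data


def _read_string(blob: bytes, offset: int):
    """Decode one SSH wire-format string at offset; returns (bytes, new_offset)."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack(">I", blob[offset:offset + 4])
    start, end = offset + 4, offset + 4 + length
    if end > len(blob):
        raise ValueError("truncated string body")
    return blob[start:end], end


def encode_p256_pubkey(x: int, y: int, comment: str = "") -> str:
    """Build an authorized_keys line from affine P-256 coordinates."""
    point = b"\x04" + x.to_bytes(32, "big") + y.to_bytes(32, "big")
    blob = (_ssh_string(b"ecdsa-sha2-nistp256")
            + _ssh_string(b"nistp256")
            + _ssh_string(point))
    line = "ecdsa-sha2-nistp256 " + base64.b64encode(blob).decode()
    return line + (" " + comment if comment else "")


def parse_authorized_key(line: str) -> dict:
    """Parse one authorized_keys line and check it is a well-formed P-256 key."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, b64 = fields[0], fields[1]
    if key_type != "ecdsa-sha2-nistp256":
        raise ValueError(f"unexpected key type {key_type!r}; SEP keys are P-256")
    blob = base64.b64decode(b64, validate=True)
    wire_type, off = _read_string(blob, 0)
    curve, off = _read_string(blob, off)
    point, off = _read_string(blob, off)
    if off != len(blob):
        raise ValueError("trailing bytes after public point")
    if wire_type != key_type.encode() or curve != b"nistp256":
        raise ValueError("type/curve mismatch inside the key blob")
    if len(point) != 65 or point[0] != 0x04:
        raise ValueError("public point must be uncompressed (0x04 || X || Y)")
    x = int.from_bytes(point[1:33], "big")
    y = int.from_bytes(point[33:65], "big")
    # Same fingerprint format as `ssh-keygen -lf`: SHA256 of the blob, unpadded base64.
    digest = hashlib.sha256(blob).digest()
    fingerprint = "SHA256:" + base64.b64encode(digest).decode().rstrip("=")
    return {
        "type": key_type,
        "curve": curve.decode(),
        "x": x,
        "y": y,
        "on_curve": is_on_p256(x, y),
        "fingerprint": fingerprint,
        "comment": " ".join(fields[2:]),
    }


# Constructed sample: the base point G stands in for a device's exported key.
SAMPLE_LINE = encode_p256_pubkey(P256_GX, P256_GY, "termius-sep-iphone")

if __name__ == "__main__":
    info = parse_authorized_key(SAMPLE_LINE)
    print(info["fingerprint"], "on curve:", info["on_curve"])
```

To check a real export, paste the line Termius added to authorized_keys in place of SAMPLE_LINE; a fingerprint mismatch against `ssh-keygen -lf`, a point that is not on the curve, or a key type other than ecdsa-sha2-nistp256 means the entry is not the SEP key you expected.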
