Biometric Keys (Secure Enclave) Biometric Keys (Secure Enclave)

Biometric Keys (Secure Enclave)

Dmitry Machulo Dmitry Machulo

Termius for iOS and macOS allows you to generate a key inside Secure Enclave (SEP), an isolated hardware subsystem that comes with most Apple devices, and use it for SSH connections. The private part of such a key cannot be accessed by Termius or the operating system.

Before generating a key in Secure Enclave, you'll need to protect your device with a passcode, Touch ID, or Face ID. You will be asked to authenticate with one of these methods during connection.

hk-ezgif-4-d198b0e4c1.gif

As of now, it is possible to generate only 256-bit ECDSA keys.

Important: Resetting the passcode, Touch ID or Face ID will make all previously generated keys unusable.

Generate a biometric key

  1. In Preferences, choose Keychain.
  2. Click + New Key and then Generate new biometric key.
  3. (Optionally) in the Set a label... field, provide a name for the key.
  4. Click Generate.
    ezgif-4-e3be8aba5d.gif
  1. Choose Keychain in the app's main menu.
  2. Tap + and then Generate Secure Enclave key.
  3. In the Name field, provide a name for the key, and tap Generate.
  4. hk-ezgif-1-cecea2ba47.gif

Important: Since the private part of a biometric key cannot be accessed by Termius, it will not be synchronized with your Termius account.

Export a biometric key

As with other kinds of keys, you can use Termius to add a key's public part to the authorized_keys file stored on a host. On iOS, the key will be automatically attached to that host's entry.

  1. In Preferences, choose Keychain.
  2. Right-click the key and then Export to host.
  3. Click Select host and select the host to which you want to upload the key.
  4. Check Attach to host, if you'd like the key to be linked with the host you've selected.
  5. Adjust other parameters, if desired.
  6. Tap the required host and then Export.
  7. Click Export key at the top.
    ezgif-1-741504fece.gif
  1. Choose Keychain in the app's main menu.
  2. Tap and hold the required key, then choose Share and Export to host.
  3. Adjust the parameters of export, if desired.
  4. Tap the required host and then Export.
  5. hk-ezgif-1-53c1209a55.gif

Was this article helpful?

5 out of 15 found this helpful

Add comment

Please sign in to leave a comment.