On 17/06/2025 11:00, Marco Trevisan wrote:
> > Note that, even if you do the above, the protection the fingerprint
> > provides to your private key material is only as strong as your OS'
> > security. If an attacker is able to elevate privilege then they
> > could steal the key material from the agent without your fingerprint.
> 
> Isn't this true for any kind of privilege escalation when the agent is
> in place?
Yes and no.
Yes, if the private key is stored in the agent, and the agent itself
performs the crypto operations.
No, if the private key is stored in a secure enclave, which is
integrated with the fingerprint reader, as with macOS.
In the latter case, (a) the key itself cannot leak, and (b) crypto
operations are only performed with operator consent. (Gummy bears
notwithstanding, you still at least need some physical presence.)
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev