| ▲ | arianvanp 32 minutes ago | |||||||
Why is it more secure: a key file on disk is decrypted into memory every time you enter your passphrase. It means the key is around in plain text in the memory of ssh or ssh-agent. Which means it's extractable by an attacker. An exportable key does all the signing inside the secure enclave and never exposes the decrypted key to OS memory. The exported key you can keep in a safe for disaster recovery. You shouldn't keep it on your computer of course. | ||||||||
| ▲ | a few seconds ago | parent | next [-] | |||||||
| [deleted] | ||||||||
| ▲ | gruez 11 minutes ago | parent | prev | next [-] | |||||||
>It means the key is around in plain text in the memory of ssh or ssh-agent. Which means it's extractable by an attacker. An exportable key does all the signing inside the secure enclave and never exposes the decrypted key to OS memory. But malware can just tell the secure enclave to export the key? Yes, they'll have to write new code to do that, but it's not particularly hard (it's 1 line code from your example above), and it's security through obscurity. | ||||||||
| ||||||||
| ▲ | traceroute66 14 minutes ago | parent | prev [-] | |||||||
> The exported key you can keep in a safe for disaster recovery. No. Your "disaster recovery" should be either a second device with a Secure Enclave, or a Yubikey. Making it exportable from the Secure Enclave defeats the whole purpose. | ||||||||