| ▲ | arianvanp 35 minutes ago | |
The export operation is guarded by TouchID. So the malware needs to trick you into performing the TouchID gesture. But yeh the malware only needs to trick you to hit TouchID once. Instead of on each sign operation. So if that's in your threat model don't make the key exportable. | ||
| ▲ | gruez 26 minutes ago | parent [-] | |
> So the malware needs to trick you into performing the TouchID gesture. That's not meaningfully more difficult than tricking you into revealing your key file password. >Instead of on each sign operation. But from your video each sign operation also requires a touchid prompt? | ||