Show HN: Sod – Touch ID-Backed SSH Keys Using the Secure Enclave (botanica-consulting.github.io)

2 points by botanica_labs ↗ HN
Hi HN! Showcasing sod - a minimal Secure Enclave harness for ssh keys.

sod generates an ecdsa-sha2-nistp256, unexportable key inside the Apple Secure Enclave.

It then orchestrates a barebones ssh-agent session which, in short - allows authenticating to OpenSSH servers the same way you would normally - but with your fingerprint instead of your password.

No special support required on the server side, this simply bridges typical ssh client behavior with Secure Enclave signing primitives.

sod is CLI-only, and "speaks" in typical OpenSSH verbs: ssh-keygen, ssh-add, ssh-agent.

sod is a lean codebase written in Swift - zero dependencies (outside of Swift's own). It does not implement any cryptography itself but rather delegates to macOS and OpenSSH crypto.

Quickstart: brew install botanica-consulting/tap/sod

    sd install

    ssh-copy-id -i ~/.ssh/id_sod.pub user@host

    ssh user@host
Pre-built .pkg and the code for your perusal at: https://github.com/botanica-consulting/sod

Any feedback is welcome!

-- sod is a FOSS project by https://botanica.software

0 comments

[ 2.9 ms ] story [ 11.9 ms ] thread

No comments yet.