It is not present in the RAM with smart cards, and especially never with server type HSM: https://wiki.archlinux.org/title/SSH_keys#Storing_SSH_keys_o... And even the password can be forced to be re-entered by the agent…
The promise of HSM, TPM and smart cards are that you have a tiny computer (microcontroller) where the code is easier to audit. Ideally a sealed key never leaves your MCU. The cryptographic primitives, secret keys and…
Or put them in a $2 FLOSS Gnuk token/smart card that you can carry with you and still have strong password protection and AES encrypted data at rest with KDF/DO: https://github.com/ran-sama/stm32-gnuk-usb-smartcard
It is not present in the RAM with smart cards, and especially never with server type HSM: https://wiki.archlinux.org/title/SSH_keys#Storing_SSH_keys_o... And even the password can be forced to be re-entered by the agent…
The promise of HSM, TPM and smart cards are that you have a tiny computer (microcontroller) where the code is easier to audit. Ideally a sealed key never leaves your MCU. The cryptographic primitives, secret keys and…
Or put them in a $2 FLOSS Gnuk token/smart card that you can carry with you and still have strong password protection and AES encrypted data at rest with KDF/DO: https://github.com/ran-sama/stm32-gnuk-usb-smartcard