


SeKey is an SSH agent that allows users to authenticate to UNIX/Linux SSH servers using the Secure Enclave.

How it Works

The Secure Enclave is a hardware-based key manager that is isolated from the main processor to provide an extra layer of security. When you store a private key in the Secure Enclave, you never actually handle the key, which makes it difficult for the key to become compromised. Instead, you instruct the Secure Enclave to create the key, securely store it, and perform operations with it. You receive only the output of these operations, such as encrypted data or a cryptographic signature verification outcome.


  • Only supports MacBook Pro with the Touch Bar and Touch ID
  • Can't import preexisting keys
  • Stores only 256-bit elliptic curve private keys



Unfortunately, I can't make a Homebrew formula because the KeyChain API requires entitlements, so the binary has to be signed to work.

Manual Installation

  1. Go to Releases and download the latest release
  2. Place the App in the Applications folder.
  3. Go to ~/Library/LaunchAgents
  4. Create the file com.ntrippar.sekey.plist
  5. Paste the following into the file and fix the path of the sekey binary:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  6. Fix permissions
chown youruser:staff /absolute/path/to/SeKey.app/Contents/MacOS/sekey
  7. Load the agent to the user account:
launchctl load -F ~/Library/LaunchAgents/com.ntrippar.sekey.plist
  8. Set environment variables and fix the path of the sekey folder.
export PATH=$PATH:/path/to/SeKey.app/Contents/MacOS
export SSH_AUTH_SOCK=$HOME/.sekey/ssh-agent.ssh


For the help menu:

ntrippar@macbookpro:~% sekey -h
SeKey 1.0
Nicolas Trippar <ntrippar@gmail.com>
Use Secure Enclave for SSH Authentication

    sekey [FLAGS] [OPTIONS]

        --daemon       Run the daemon
    -h, --help         Prints help information
        --list-keys    List all keys
    -V, --version      Prints version information

        --delete-keypair <ID>         Deltes the keypair
        --export-key <ID>             export key to OpenSSH Format
        --generate-keypair <LABEL>    Generate a key inside the Secure Enclave


Create KeyPair inside the Secure Enclave:

ntrippar@macbookpro:~% sekey --generate-keypair "Github Key"
Keypair Github Key sucessfully generated

List keys in the Secure Enclave:

ntrippar@macbookpro:~% sekey --list-keys

│       Label        │                        ID                        │
│     Github Key     │     d179eb4c2d6a242de64e82240b8b6e611cf0d729     │

Export public key to OpenSSH format:

ntrippar@macbookpro:~% sekey --export-key d179eb4c2d6a242de64e82240b8b6e611cf0d729
ecdsa-sha2-nistp25 AAAAEmVjZHNhLXNoYTItbmlzdHAyNQAAAAhuaXN0cDI1NgAAAEEE8HM7SBdu3yOYkmF0Wnj/q8t2NJC6JYJWZ4IyvkOVIeUs6mi4B424bAjhZ4Awgk5ax9r25RB3Q8tL2/7J/3xchQ==
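
A check one might run on a line produced by `--export-key` before adding it to `authorized_keys`, as an added example (not part of SeKey): it parses the OpenSSH wire format and confirms the blob holds an uncompressed NIST P-256 point, matching the 256-bit limit noted above. The function names are hypothetical and `SAMPLE` is copied from the output shown above; on that sample the check reports the key-type string `ecdsa-sha2-nistp25`, one character short of `ecdsa-sha2-nistp256`.

```python
import base64
import struct

# Sample line copied from the `sekey --export-key` output shown above.
SAMPLE = ("ecdsa-sha2-nistp25 "
          "AAAAEmVjZHNhLXNoYTItbmlzdHAyNQAAAAhuaXN0cDI1NgAAAEEE"
          "8HM7SBdu3yOYkmF0Wnj/q8t2NJC6JYJWZ4IyvkOVIeUs6mi4B424bAjhZ4Awgk5a"
          "x9r25RB3Q8tL2/7J/3xchQ==")

def read_string(buf, off):
    """Read one RFC 4251 string (uint32 length + bytes); return (value, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    end = off + 4 + n
    if end > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[off + 4:end], end

def check_exported_key(line):
    """Return a list of problems found in an OpenSSH public-key line ([] if none)."""
    fields = line.split()
    if len(fields) < 2:
        return ["expected '<type> <base64> [comment]'"]
    try:
        blob = base64.b64decode(fields[1], validate=True)
        ktype, off = read_string(blob, 0)   # key type, e.g. ecdsa-sha2-nistp256
        curve, off = read_string(blob, off)  # curve identifier
        point, off = read_string(blob, off)  # public point Q
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        return [f"malformed blob: {exc}"]
    problems = []
    if ktype.decode("ascii", "replace") != fields[0]:
        problems.append("type inside blob differs from the text prefix")
    if ktype != b"ecdsa-sha2-nistp256":
        problems.append(f"unexpected key type {ktype!r}")
    if curve != b"nistp256":
        problems.append(f"unexpected curve {curve!r}")
    if len(point) != 65 or point[0] != 0x04:
        problems.append("public point is not a 65-byte uncompressed P-256 point")
    if off != len(blob):
        problems.append("trailing bytes after the public point")
    return problems

if __name__ == "__main__":
    for problem in check_exported_key(SAMPLE) or ["no problems found"]:
        print(problem)
```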

Delete Keypair:

ntrippar@macbookpro:~% sekey --delete-keypair d179eb4c2d6a242de64e82240b8b6e611cf0d729
Key d179eb4c2d6a242de64e82240b8b6e611cf0d729 sucessfully deleted



SeKey is built with Cargo, the Rust package manager. We also use Xcode to build the Objective-C code that bridges to the Secure Enclave and to sign the binary.

git clone https://github.com/ntrippar/sekey
cd sekey
cargo build --release


cp ./target/release/sekey ./bundle/SeKey.app/Contents/MacOS/sekey


SeKey uses the KeyChain API on macOS; to use it, the app must be signed and have the correct entitlements.

You need to change the sign parameter to match your own signing key.

Listing keys

security find-identity -v -p codesigning


codesign --force --identifier "com.ntrippar.sekey" --sign "Developer ID Application: Nicolas Trippar (5E8NNEEMLP)" --entitlements ./assets/sekey.entitlements --timestamp=none ./bundle/SeKey.app

Contribute

Members of the open-source community are encouraged to submit pull requests directly through GitHub.
