ntrippar/sekey

SeKey

About

SeKey is an SSH agent that allows users to authenticate to UNIX/Linux SSH servers using the Secure Enclave.

How it Works?

The Secure Enclave is a hardware-based key manager that's isolated from the main processor to provide an extra layer of security. When you store a private key in the Secure Enclave, you never actually handle the key, making it difficult for the key to become compromised. Instead, you instruct the Secure Enclave to create the key, securely store it, and perform operations with it. You receive only the output of these operations, such as encrypted data or a cryptographic signature verification outcome.

Limitations

  • Only supports MacBook Pro with the Touch Bar and Touch ID
  • Can't import a preexisting key
  • Stores only 256-bit elliptic curve private keys

Install

Homebrew

Unfortunately, I can't make a Homebrew formula because the KeyChain API requires entitlements, so the binary has to be signed to work.

Manual Installation

  1. Go to Releases and download the latest release
  2. Place the App in the Applications folder.
  3. Go to ~/Library/LaunchAgents
  4. Create the file com.ntrippar.sekey.plist
  5. Paste the following into the file and fix the path of the sekey binary:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.ntrippar.sekey</string>
    <key>ProgramArguments</key>
    <array>
        <string>/absolute/path/to/SeKey.app/Contents/MacOS/sekey</string>
        <string>--daemon</string>
    </array>
    <key>StandardErrorPath</key>
    <string>/dev/null</string>
    <key>StandardOutPath</key>
    <string>/dev/null</string>
    <key>KeepAlive</key>
    <true/>
</dict>
</plist>
  6. Fix permissions
chown youruser:staff /absolute/path/to/SeKey.app/Contents/MacOS/sekey
  7. Load the agent to the user account:
launchctl load -F ~/Library/LaunchAgents/com.ntrippar.sekey.plist
  8. Set environment variables and fix the path of the sekey folder.
export PATH=$PATH:/path/to/SeKey.app/Contents/MacOS
export SSH_AUTH_SOCK=$HOME/.sekey/ssh-agent.ssh

Usage

For the help menu:

ntrippar@macbookpro:~% sekey -h
SeKey 1.0
Nicolas Trippar <ntrippar@gmail.com>
Use Secure Enclave for SSH Authentication

USAGE:
    sekey [FLAGS] [OPTIONS]

FLAGS:
        --daemon       Run the daemon
    -h, --help         Prints help information
        --list-keys    List all keys
    -V, --version      Prints version information

OPTIONS:
        --delete-keypair <ID>         Deltes the keypair
        --export-key <ID>             export key to OpenSSH Format
        --generate-keypair <LABEL>    Generate a key inside the Secure Enclave

Examples

Create KeyPair inside the Secure Enclave:

ntrippar@macbookpro:~% sekey --generate-keypair "Github Key"
Keypair Github Key sucessfully generated

List keys in the Secure Enclave:

ntrippar@macbookpro:~% sekey --list-keys

┌────────────────────┬──────────────────────────────────────────────────┐
│       Label        │                        ID                        │
├────────────────────┼──────────────────────────────────────────────────┤
│     Github Key     │     d179eb4c2d6a242de64e82240b8b6e611cf0d729     │
└────────────────────┴──────────────────────────────────────────────────┘

Export public key to OpenSSH format:

ntrippar@macbookpro:~% sekey --export-key d179eb4c2d6a242de64e82240b8b6e611cf0d729
ecdsa-sha2-nistp25 AAAAEmVjZHNhLXNoYTItbmlzdHAyNQAAAAhuaXN0cDI1NgAAAEEE8HM7SBdu3yOYkmF0Wnj/q8t2NJC6JYJWZ4IyvkOVIeUs6mi4B424bAjhZ4Awgk5ax9r25RB3Q8tL2/7J/3xchQ==
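
Added example (not part of the SeKey project): since only the public half ever leaves the Secure Enclave, the exported line is the one artifact you deploy to servers, and this Python check parses its SSH wire format and verifies that it is a well-formed 256-bit (nistp256) key. The function names are hypothetical; README_LINE is the sample line copied from above.

```python
import base64
import struct

# NIST P-256 domain parameters (curve: y^2 = x^3 - 3x + b mod p).
P = 2**256 - 2**224 + 2**192 + 2**96 - 1
B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
EXPECTED_TYPE = "ecdsa-sha2-nistp256"
# Public key line as printed by `sekey --export-key` in the README above.
README_LINE = ("ecdsa-sha2-nistp25 AAAAEmVjZHNhLXNoYTItbmlzdHAyNQAAAAhuaXN0cDI1"
               "NgAAAEEE8HM7SBdu3yOYkmF0Wnj/q8t2NJC6JYJWZ4IyvkOVIeUs6mi4B424bAjh"
               "Z4Awgk5ax9r25RB3Q8tL2/7J/3xchQ==")

def read_string(blob, offset):
    """Read one SSH wire-format string: uint32 big-endian length, then bytes."""
    if offset + 4 > len(blob):
        raise ValueError("truncated length field")
    (length,) = struct.unpack_from(">I", blob, offset)
    end = offset + 4 + length
    if end > len(blob):
        raise ValueError("field runs past end of blob")
    return blob[offset + 4:end], end

def check_exported_key(line):
    """Parse an exported ECDSA key line; return (fields, list of problems)."""
    text_type, b64 = line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    blob_type, off = read_string(blob, 0)
    curve, off = read_string(blob, off)
    point, off = read_string(blob, off)
    fields = {"text_type": text_type, "blob_type": blob_type.decode(),
              "curve": curve.decode(), "point_len": len(point)}
    problems = []
    if off != len(blob):
        problems.append("trailing bytes after public point")
    if text_type != fields["blob_type"]:
        problems.append("key type in text and blob differ")
    if fields["blob_type"] != EXPECTED_TYPE:
        problems.append("key type is not " + EXPECTED_TYPE)
    if fields["curve"] != "nistp256":
        problems.append("curve is not nistp256")
    if len(point) != 65 or point[0] != 0x04:
        problems.append("point is not a 65-byte uncompressed encoding")
    else:
        x = int.from_bytes(point[1:33], "big")
        y = int.from_bytes(point[33:], "big")
        if x >= P or y >= P or (y * y - (x * x * x - 3 * x + B)) % P != 0:
            problems.append("point is not on P-256")
    return fields, problems
```

Run on README_LINE, the check reports that the key type is not ecdsa-sha2-nistp256: the type string encoded in the sample is the 18-byte "ecdsa-sha2-nistp25", while the curve field reads nistp256 and the point is a 65-byte uncompressed encoding.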

Delete Keypair:

ntrippar@macbookpro:~% sekey --delete-keypair d179eb4c2d6a242de64e82240b8b6e611cf0d729
Key d179eb4c2d6a242de64e82240b8b6e611cf0d729 sucessfully deleted

How to Build

Build

Sekey is built with Cargo, the Rust package manager. We also use Xcode to build the Objective-C code to bridge with the Secure Enclave and sign the binary.

git clone https://github.com/ntrippar/sekey
cd sekey
cargo build --release

Package

cp ./target/release/sekey ./bundle/SeKey.app/Contents/MacOS/sekey

Sign

SeKey uses the KeyChain API on macOS; to use it, the app must be signed and have the correct entitlements.

You need to change the sign parameter to match your own signing key.

Listing keys

security find-identity -v -p codesigning

Sign

codesign --force --identifier "com.ntrippar.sekey" --sign "Developer ID Application: Nicolas Trippar (5E8NNEEMLP)" --entitlements ./assets/sekey.entitlements --timestamp=none ./bundle/SeKey.app

Contribute

Members of the open-source community are encouraged to submit pull requests directly through GitHub.
