Laptops all have built-in security tokens these days

15 points by ahelwer

accelbread

This seems to be just macs?

ahelwer
I have access to a newer Windows laptop through work and got openssh to talk to Windows Hello as follows:
```
winget install Microsoft.OpenSSH.preview
ssh-keygen -t ecdsa-sk
```
Then it all worked as before, any time I used the key to SSH somewhere it went through the standard Windows Hello flow where I could either use the fingerprint reader, facial recognition, or my PIN.

Don't have access to a Linux system with a secure element like that; my Linux workstation has a V1 TPM, but there isn't really any way I know of to ensure its signing operation is gated behind a real-world user presence check. Maybe someone with a Framework or similar Linux laptop can try? Perhaps it works under Asahi, actually...
- Foxboron
  
  For sealing SSH keys to the TPM I wrote an agent. https://github.com/Foxboron/ssh-tpm-agent
  
  However there is no connection from the TPM to the fingerprint sensor. You can't have the TPM attest to the fact you used your fingerprint, you would need to implement this in user space.
  - ahelwer
    
    Ah very neat project, thank you! It is at least better than having the private key sitting around in ~/.ssh. I suppose the TPM/fingerprint connection would have to be a feature of the motherboard? Or do Windows & macOS systems somehow implement this connection in the kernel? Looking at Framework laptops, it doesn't seem as though there is any special connection between the fingerprint reader and the TPM.
- jussi
  
  Pretty much, I'm unsure if there are any TPM2 FIDO emulation layers for Linux or Windows.
legoktm

So what exactly is in those "private key" files that they provided?
- ahelwer
  If you put it through a base64 decoder you get the following:
  
  openssh-key-v1��none��none��J��sk-ssh-ed25519@openssh.com�� 盘˪<F$KW+��ssh:��FtBgFtBg��sk-ssh-ed25519@openssh.com�� 盘˪<F$KW+��ssh:��fІpF$D8"&0[X'L=Ev')BjM]$}rTv6Z+p9O8ݹ%Vf.|қ.%I{9 .W !D"8NaiW�y53 ��ahelwer@ah-mbair.local
  
  So we have:
  
  key standard version (v1)
  
  key type (sk-ssh-ed25519@openssh.com), repeated for some reason
  
  key friendly name (ahelwer@ah-mbair.local)
  
  I assume all the other stuff is OpenSSH flags (PIN? Require presence check?) and a handle GUID that OpenSSH can send to the FIDO/U2F API along with a challenge to get signed. OpenSSH can infer from the key type (specifically "sk") that this isn't an actual private key and it needs to call out to a secure element. From there it looks at the SecurityKeyProvider setting or the SSH_SK_PROVIDER environment variable for where to load the dynamic library that lets it talk to the secure element.
winter

This seems to only cover SSH — is there any way I could use my computer’s Secure Enclave or TPM as a FIDO2 or U2F key?
- ahelwer
  
  Definitely, this should pretty much just work out of the box. Passkeys are also a form of this which uses a separate private key for each website.
  - winter
    
    That’ll only work for sites that support resident keys (passkeys), not the previous APIs (which sites would only use for 2FA).
    
    ahelwer
    
    Oddly Codeberg successfully treats my macbook's secure element as a security key; I was able to add it as such on the https://codeberg.org/user/settings/security page. Maybe this is actually using a passkey setup flow?
  - iinuwa
    
    This fact makes it seem crazy to me that support for asymmetric or HMAC API keys that can be bound to hardware is not more common. I'm glad for more specifications pushing more of this stuff forward, like WebAuthn, DBSC (Device-Bound Session Credentials) and OAuth2 DPOP.