





























Hi HN! Showcasing sod - a minimal Secure Enclave harness for ssh keys.
sod generates an unexportable ecdsa-sha2-nistp256 key inside the Apple Secure Enclave.
It then orchestrates a barebones ssh-agent session which, in short, allows authenticating to OpenSSH servers the same way you normally would, but with your fingerprint instead of your password.
No special support is required on the server side; this simply bridges typical ssh client behavior with Secure Enclave signing primitives.
sod is CLI-only, and "speaks" in typical OpenSSH verbs: ssh-keygen, ssh-add, ssh-agent.
sod is a lean codebase written in Swift - zero dependencies (outside of Swift's own). It does not implement any cryptography itself but rather delegates to macOS and OpenSSH crypto.
Quickstart:
  brew install botanica-consulting/tap/sod
  sd install
  ssh-copy-id -i ~/.ssh/id_sod.pub user@host
  ssh user@host
Pre-built .pkg and the code for your perusal at: https://github.com/botanica-consulting/sod
Any feedback is welcome!
-- sod is a FOSS project by https://botanica.software
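
What the bridging described in the post involves at the byte level, as an added example (not sod's code, which is Swift): the two re-encodings between Apple's formats and the ecdsa-sha2-nistp256 wire format of RFC 5656. It assumes the key arrives as an uncompressed X9.63 point and the signature as DER; all function names are made up for the illustration.

```python
import base64
import struct

KEY_TYPE = b"ecdsa-sha2-nistp256"
CURVE = b"nistp256"

def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    """SSH 'mpint' for n >= 0: minimal big-endian, 0x00 pad if the top bit is set."""
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big") if n else b"")

def public_key_line(point: bytes, comment: str) -> str:
    """Format an uncompressed P-256 point (0x04 || X || Y) as a .pub line."""
    if len(point) != 65 or point[0] != 0x04:
        raise ValueError("expected 65-byte uncompressed P-256 point")
    blob = ssh_string(KEY_TYPE) + ssh_string(CURVE) + ssh_string(point)
    return f"{KEY_TYPE.decode()} {base64.b64encode(blob).decode()} {comment}"

def _der_int(buf: bytes, off: int):
    """Read one non-negative DER INTEGER (short-form length) at buf[off]."""
    if off + 2 > len(buf) or buf[off] != 0x02:
        raise ValueError("expected INTEGER")
    end = off + 2 + buf[off + 1]
    body = buf[off + 2:end]
    if not 1 <= buf[off + 1] <= 33 or end > len(buf) or body[0] & 0x80:
        raise ValueError("bad INTEGER")
    return int.from_bytes(body, "big"), end

def der_to_ssh_signature(der: bytes) -> bytes:
    """Convert SEQUENCE { INTEGER r, INTEGER s } into an SSH signature blob."""
    if len(der) < 8 or der[0] != 0x30 or der[1] != len(der) - 2:
        raise ValueError("expected one short-form DER SEQUENCE")
    r, off = _der_int(der, 2)
    s, off = _der_int(der, off)
    if off != len(der):
        raise ValueError("trailing bytes after s")
    return ssh_string(KEY_TYPE) + ssh_string(ssh_mpint(r) + ssh_mpint(s))

if __name__ == "__main__":
    # Constructed bytes to show the framing only; not a real key or signature.
    point = b"\x04" + bytes(range(1, 65))
    der = b"\x30\x45\x02\x21\x00\x80" + b"\x11" * 31 + b"\x02\x20\x7f" + b"\x22" * 31
    print(public_key_line(point, "constructed@example"))
    print(der_to_ssh_signature(der).hex())
```

The private key never appears in either conversion, which is why the server side needs nothing special: it sees an ordinary public key line and an ordinary signature blob.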