thoughts/data/ssh-certs-apple-t2.md

## Key Takeaways

* SSH certificates can be used with the Apple T2 chip on
  macOS as an alternative to external smart cards,
  authenticated with a fingerprint per session.
* The Mac T2 chip serves as an extra security layer by creating
  private keys in the secure enclave.
* The CA can be stored on an external smartcard, only
  signing for access in a limited period - again limiting
  the exposure.

## Introduction

Over the past days I have been going down a deep, deep
rabbit hole of SSH proxy jumping and SSH certificates
combined with smart cards.

After playing around with smart cards for SSH, I recognized
that not only external smart cards such as the Yubikey or
Nitrokey is a possible lane to go down.

Mac computers comes with a security chip called T2. This chip is
also known to host something Apple calls Secure Enclave [1]. In
the Secure Enclave you can store keys.

It will probably not serve as an equally secure solution as with
external smart cards, but it is a better balance for usability.

The T2 is permanently stored in hardware on one host only,
so the access needs to be signed on a per-host basis. In
such I would say the T2 and external smart cards complement
each other.

Always having the key available will bring two additional
vulnerabilities:

* If compromised, the key is always available logically
* Separation of equipment and key is not possible e.g. in a
  travel situation

With a central pubkey directory tied to an identity
(automated), the T2 can be of better use for an enterprise
setup.

## Setting up a Private Key in Secure Enclave

While fiddling around I found sekey on Github [2]. The
project seems abandoned, but it is the secure enclave that
does the heavy lifting.

The short and easy setup are:

    $ brew cask install sekey
    $ echo "export SSH_AUTH_SOCK=$HOME/.sekey/ssh-agent.ssh" >> ~/.zshrc
    $ echo "IdentityAgent ~/.sekey/ssh-agent.ssh" >> ~/.ssh/config
    $ source ~/.zshrc

A keypair can now be generated in the secure enclave by:

    $ sekey --generate-keypair SSH
    $ sekey --list-keys

Now export the public key of the curve generated on-chip:

    $ sekey --export-key <id> > id_ecdsa.pub

Using the trick we found in our recent venture into using
smart cards for signing the key, we can used PCKS#11 without
compromising security [3]. In this case I use a Nitrokey:

    $ brew cask install opensc
    $ PKCS11_MODULE_PATH=/usr/local/lib/opensc-pkcs11.so
    $ ssh-keygen -D $PKCS11_MODULE_PATH -e > ca.pub
    $ ssh-keygen -D $PKCS11_MODULE_PATH -s ca.pub -I example -n zone-web \
      -V +1h -z 1 id_ecdsa.pub
    Enter PIN for 'OpenPGP card (User PIN)': 
    Signed user key id_ecdsa-cert.pub: id "example" serial 1 for zone-web 
      valid from 2020-10-14T20:26:00 to 2020-10-14T21:27:51
    cp id_ecdsa-cert.pub ~/.ssh/

If you now try to ssh into a server using the given
certificate authority as shown in the SSH-CA post [3],
access should be granted with a fingerprint.

## A Word of Caution

The T2 has some vulnerabilities shown recently [4]. Make
sure to include these in your risk assessment of using
it. If you won't go down the smart card route it will still
be better than storing the key on disk.


[1] https://support.apple.com/guide/security/secure-enclave-overview-sec59b0b31ff/web  
[2] https://github.com/sekey/sekey  
[3] https://secdiary.com/2020-10-13-ssh-ca-proxyjump.html  
[4] https://inks.cybsec.network/tag/t2
initial migration 2024-08-05 18:24:56 +00:00			`## Key Takeaways`

			`* SSH certificates can be used with the Apple T2 chip on`
			`macOS as an alternative to external smart cards,`
			`authenticated with a fingerprint per session.`
			`* The Mac T2 chip serves as an extra security layer by creating`
			`private keys in the secure enclave.`
			`* The CA can be stored on an external smartcard, only`
			`signing for access in a limited period - again limiting`
			`the exposure.`

			`## Introduction`

			`Over the past days I have been going down a deep, deep`
			`rabbit hole of SSH proxy jumping and SSH certificates`
			`combined with smart cards.`

			`After playing around with smart cards for SSH, I recognized`
			`that not only external smart cards such as the Yubikey or`
			`Nitrokey is a possible lane to go down.`

			`Mac computers comes with a security chip called T2. This chip is`
			`also known to host something Apple calls Secure Enclave [1]. In`
			`the Secure Enclave you can store keys.`

			`It will probably not serve as an equally secure solution as with`
			`external smart cards, but it is a better balance for usability.`

			`The T2 is permanently stored in hardware on one host only,`
			`so the access needs to be signed on a per-host basis. In`
			`such I would say the T2 and external smart cards complement`
			`each other.`

			`Always having the key available will bring two additional`
			`vulnerabilities:`

			`* If compromised, the key is always available logically`
			`* Separation of equipment and key is not possible e.g. in a`
			`travel situation`

			`With a central pubkey directory tied to an identity`
			`(automated), the T2 can be of better use for an enterprise`
			`setup.`

			`## Setting up a Private Key in Secure Enclave`

			`While fiddling around I found sekey on Github [2]. The`
			`project seems abandoned, but it is the secure enclave that`
			`does the heavy lifting.`

			`The short and easy setup are:`

			`$ brew cask install sekey`
			`$ echo "export SSH_AUTH_SOCK=$HOME/.sekey/ssh-agent.ssh" >> ~/.zshrc`
			`$ echo "IdentityAgent ~/.sekey/ssh-agent.ssh" >> ~/.ssh/config`
			`$ source ~/.zshrc`

			`A keypair can now be generated in the secure enclave by:`

			`$ sekey --generate-keypair SSH`
			`$ sekey --list-keys`

			`Now export the public key of the curve generated on-chip:`

			`$ sekey --export-key <id> > id_ecdsa.pub`

			`Using the trick we found in our recent venture into using`
			`smart cards for signing the key, we can used PCKS#11 without`
			`compromising security [3]. In this case I use a Nitrokey:`

			`$ brew cask install opensc`
			`$ PKCS11_MODULE_PATH=/usr/local/lib/opensc-pkcs11.so`
			`$ ssh-keygen -D $PKCS11_MODULE_PATH -e > ca.pub`
chore: adjustments to line length of code blocks 2024-08-06 14:13:47 +00:00			`$ ssh-keygen -D $PKCS11_MODULE_PATH -s ca.pub -I example -n zone-web \`
			`-V +1h -z 1 id_ecdsa.pub`
initial migration 2024-08-05 18:24:56 +00:00			`Enter PIN for 'OpenPGP card (User PIN)':`
chore: adjustments to line length of code blocks 2024-08-06 14:13:47 +00:00			`Signed user key id_ecdsa-cert.pub: id "example" serial 1 for zone-web`
			`valid from 2020-10-14T20:26:00 to 2020-10-14T21:27:51`
initial migration 2024-08-05 18:24:56 +00:00			`cp id_ecdsa-cert.pub ~/.ssh/`

			`If you now try to ssh into a server using the given`
			`certificate authority as shown in the SSH-CA post [3],`
			`access should be granted with a fingerprint.`

			`## A Word of Caution`

			`The T2 has some vulnerabilities shown recently [4]. Make`
			`sure to include these in your risk assessment of using`
			`it. If you won't go down the smart card route it will still`
			`be better than storing the key on disk.`


			`[1] https://support.apple.com/guide/security/secure-enclave-overview-sec59b0b31ff/web`
			`[2] https://github.com/sekey/sekey`
			`[3] https://secdiary.com/2020-10-13-ssh-ca-proxyjump.html`
			`[4] https://inks.cybsec.network/tag/t2`