Hacker News
by krrrh 3078 days ago
An alternative to this is https://krypt.co/ which generates keys on your phone’s secure element/enclave and communicates with your laptop via bluetooth. It has a straightforward script to copy another public key from a backup phone to all your authorized servers, and the UI is excellent for signing git commits and authorizing ssh sessions. Doesn’t yet support U2F.
7 comments

I really liked this but the notification requirement on iOS killed it for me. I can't remember the exact details but it is (roughly) not possible to suppress authorization request notifications because on iOS notifications are the only way to wake up a backgrounded application. Net result is a notification every single time krypt authorizes via your phone. This may not be a problem for many people but it drove me nuts. It is unbearable if you use auto-complete on the command line in e.g. SCP.

Edit: typos

Edit 2: related issue https://github.com/kryptco/krypton-ios/issues/75

Thank you for letting us know. We have a fix for this in the pipeline and will update the issue when it's released.
From their FAQ:

> Can I backup my private key?

> Backing up your private key reduces its security to the security of the backup. We do not currently support backing up or extracting your private key. In the future we may add key splitting among team members or transferring your private key directly to a new phone.

All my data that the private key would be protecting access to is backed up, so I've ALREADY bought in to the idea that my security is bounded by the security of my backups. It is not clear to me that not letting me back up the private key actually does anything to help my security.

In fact, it may weaken it. Their FAQ says that if I lose my phone what I'm supposed to do is remove my public key from all my accounts, get a new phone, install Krypton on it, generate new keys, and put the new public keys on my accounts.

To do this, I have to have a way to access those accounts without using my private key. That means my security is bounded by the security of my non-Krypton access method.

If my non-Krypton access method is strong, that means I've got to be set up to deal with strong non-Krypton secret management...but if I have to do that anyway what do I need Krypton for? I can just manage my primary access method secrets myself too.

Also, what if the site requires two factor for the alternate access method? I'm probably going to be using my phone for that...but remember we're talking here about the case where I lose my phone, so I lose both my primary access (Krypton) and my secondary.

Note that on iOS, Krypt supports key generation using the Secure Enclave on the iPhone 5s (Sept 2013) and newer. In those cases it's impossible to extract the private key without finding a zero-day in the Secure Enclave coprocessor.

From "Other uses for Touch ID and Face ID" in https://www.apple.com/business/docs/iOS_Security_Guide.pdf

"App developers can do the following: [...] Generate and use ECC keys inside Secure Enclave that can be protected by Touch ID or Face ID. Operations with these keys are always performed inside the Secure Enclave once it authorizes their use."

edit: This page has more details https://krypt.co/docs/security/privacy-policy.html

You are supposed to store a physical paper with some secret codes that gives you access, but you are always on a three-day trip when you need to do these resets.
When the secure enclave came up in the context of contactless payments at a 34C3 talk, it was suggested that outside of Apple as an iPhone vendor, the type of card operation requiring it is avoided by Google and others because of a lack of cultural and technical buy-in from HW devs.

https://media.ccc.de/v/34c3-8965-decoding_contactless_card_p...

I won't buy into iPhones, HNers can flame away. Does this service get me anything as an Android user?

No real benefits that I'm aware of, and until Google starts to care about privacy more I wouldn't expect them to invest in developing a secure coprocessor like the Secure Enclave, so you'll probably be limited to 3rd party alternatives such as YubiKey for the foreseeable future.
The Android team has actually made a lot of progress on this front, and unlike solutions by Apple, Google lets their solution be audited by anyone as they release all the source code.

Android has the hardware-backed Keystore API for interacting with secure elements. Integration for this started in Android 6.0 and is mandatory in 8.0.

https://source.android.com/security/keystore

https://android-developers.googleblog.com/2017/09/keystore-k...

I will check this out, but as the guy in the 34C3 talk said (and he makes his living building NFC payment solutions for bank and payment integration), heterogeneous vendors with little reward is why they, meaning Google, Android and others, moved to host card emulation with ephemeral tokens; structurally and technically only Apple has the supply chain and volume for their ecosystem to make it happen for secure elements, aka secure enclave as it is known in these payment processing workflows.
Here is some information about the secure coprocessor that Google has invested in developing - and shipped with Pixel 2. https://www.blog.google/products/android-enterprise/how-pixe...

Disclaimer: I work for Google but not on this.

Google doesn't design Android hardware outside of their own models. It's not within Google's power (realistically speaking) to force all hardware vendors to start manufacturing secure enclaves.

This evolution in hardware design will start at the top companies and young startup companies (few and far between in the cellphone market) and trickle down to the rest as the price becomes commoditized.

It is within their power: "play store now requires secure enclave for new devices"
And that's how Amazon's Android play store wins. Or Samsung's, or one of the other ones.

Google by design isn't the dictator of the entire ecosystem. Not like Apple. Nowhere near.

Every modern SoC has TrustZone.
They still haven't licensed their code, which makes it very hard to use.
What happens if you lose your phone? What happens if you factory reset?
In both cases you would lose access to your key, similar to losing a YubiKey. You can find instructions for provisioning a backup phone here: https://krypt.co/docs/start/backup.html . The upcoming teams product will make backup as simple as having multiple team admins that can re-provision each other in the event one loses their phone.
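
The backup story in the top post and in the reply above comes down to one operational step: the backup phone's public key has to be in authorized_keys on every server before the primary phone is lost. The script below is an added example of that step, not krypt.co's own backup script; the key lines in it are constructed samples, and the host list, the "type blob comment" key format and a POSIX sh on the servers are assumptions. It is idempotent (re-running after a partial failure never duplicates an entry, and a renamed copy of the same key is recognised as already present), sets the permissions sshd's StrictModes expects, and reports how many hosts failed so only those need retrying.

```shell
#!/bin/sh
# Added example (not krypt.co's own script): install a backup phone's public key
# in ~/.ssh/authorized_keys on every server the primary key can reach, so the
# backup key is authorized before the primary phone is lost.
# The key line below is a constructed sample, not a real key.
BACKUP_PUBKEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEXAMPLEBACKUPKEY0000000000000000NOTREAL backup-phone'

# Script executed on each server. It reads the key line from stdin, so no key
# material has to be shell-quoted into the command line, and it is idempotent:
# the key is appended only if its base64 blob is not already present, so
# re-running after a partial failure never duplicates entries. Permissions are
# set to what sshd's StrictModes requires (700 on ~/.ssh, 600 on the file).
# Assumes the key line is in plain "type blob comment" form (no options prefix).
REMOTE_INSTALL='k=$(cat); d="$HOME/.ssh"; f="$d/authorized_keys"
mkdir -p "$d" && chmod 700 "$d" && touch "$f" && chmod 600 "$f" || exit 1
b=$(printf "%s\n" "$k" | cut -d" " -f2)
grep -qF -- "$b" "$f" || printf "%s\n" "$k" >> "$f"'

# Run the install script against a local directory standing in for $HOME, so
# the exact same logic can be exercised offline; provision_hosts runs the same
# script under ssh.
install_key_into() {            # $1 = directory used as HOME, $2 = key line
    printf '%s\n' "$2" | HOME="$1" sh -c "$REMOTE_INSTALL"
}

# Number of authorized_keys lines carrying the blob of the given key line
# (the comment field is ignored, so a renamed copy still counts as present).
count_key_entries() {           # $1 = directory used as HOME, $2 = key line
    blob=$(printf '%s\n' "$2" | cut -d' ' -f2)
    grep -cF -- "$blob" "$1/.ssh/authorized_keys" 2>/dev/null || true
}

# Push the backup key to every host given, authenticating with whatever key
# the agent currently offers (the primary phone, in the krypt.co setup).
# BatchMode stops a password prompt from hanging a loop over many hosts.
# Returns the number of hosts that failed, so the caller can retry just those.
provision_hosts() {             # $1 = key line, $2.. = ssh host specs
    key="$1"; shift
    failures=0
    for host in "$@"; do
        # sh -c '...' works even if the login shell on the server is not POSIX;
        # REMOTE_INSTALL contains no single quotes, so it survives this quoting.
        if printf '%s\n' "$key" | ssh -o BatchMode=yes "$host" "sh -c '$REMOTE_INSTALL'"; then
            echo "ok: $host"
        else
            echo "FAILED: $host" >&2
            failures=$((failures + 1))
        fi
    done
    return "$failures"
}

# Usage: ./provision-backup-key.sh host1 host2 ...   (no hosts: do nothing)
if [ "$#" -gt 0 ]; then
    provision_hosts "$BACKUP_PUBKEY" "$@"
fi
```

Matching on the base64 blob rather than the whole line is what makes this safe to re-run: the comment field is free text and changes between exports, while the blob is the key. After the loop reports "ok" for every host, the check that actually matters is logging in from the backup phone, while the primary phone still works, rather than discovering on the three-day trip that one server was missed.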
Nice service! Windows? I know... but you can't get a used MacBook for $50. kr install didn't work by the way, but the Debian Linux bash cmds worked in the Win10 Linux subsystem.
Windows support is slated for the first half of this year (you can follow this issue: https://github.com/kryptco/kr/issues/87 ). In what environment did the kr install fail? We only currently support Bash on Ubuntu(16+) on Windows.
16.04.3 LTS (Xenial Xerus). My bad - worked ok
How much will this (eventually) cost? I'm hesitant to adopt any new workflow tool without knowing what it's gonna cost me once I'm completely hooked on it.
Krypton Core (storing/using your SSH/PGP keypair) will be free forever. Stay tuned over the next couple months for updates regarding the teams product.
Does this work offline?
Yes, Krypton also works over Bluetooth (currently implemented on Mac and iOS/Android).