Hacker News new | ask | show | jobs
by jwells89 819 days ago
As far as I know, that’s correct. macOS never sees any of the fingerprint data, and thus it can’t be read or intercepted easily.

The Secure Enclave can also store various keys, which apps like Secretive[0] can use to store and gate access to things like SSH keys with. Feels a little nicer than letting them rattle around loose in ~/.ssh/ where any passerby can pick them up, is more convenient than an a USB key, and lets me know when something is trying to use it by way of unexpected Touch ID prompt. It’s a feature I miss when using my Windows/Linux laptop.

[0]: https://github.com/maxgoedjen/secretive
1 comments
ok_dad 819 days ago
Does that mean that Bluetooth keyboards with Touch ID also have a Secure Enclave on them? I guess there’s some additional security that ensures you can’t spoof that keyboard’s response?
link
matthewfcarlson 819 days ago
Correct!
link
steve1977 819 days ago
I don't think so.

https://support.apple.com/en-in/guide/security/secf60513daa/...

From what I understand, the keyboard just acts as a sensor, but doesn't store anything - neither securely nor otherwise.

"The Magic Keyboard with Touch ID performs the role of the biometric sensor; it doesn’t store biometric templates, perform biometric matching or enforce security policies (for example, having to enter the password after 48 hours without an unlock). The Touch ID sensor in the Magic Keyboard with Touch ID must be securely paired to the Secure Enclave on the Mac before it can be used, and then the Secure Enclave performs the enrolment and matching operations and enforces security policies in the same way it would for a built-in Touch ID sensor."

link
ok_dad 819 days ago
Wow! Things have come so far now that my keyboard is a whole secure computer with a radio as well as a keyboard!
link