Why is it more secure: a key file on disk is decrypted into memory every time you enter your passphrase. It means the key is around in plain text in the memory of ssh or ssh-agent. Which means it's extractable by an attacker.
An exportable key does all the signing inside the secure enclave and never exposes the decrypted key to OS memory.
The exported key you can keep in a safe for disaster recovery. You shouldn't keep it on your computer of course.
>It means the key is around in plain text in the memory of ssh or ssh-agent. Which means it's extractable by an attacker. An exportable key does all the signing inside the secure enclave and never exposes the decrypted key to OS memory.
But malware can just tell the secure enclave to export the key? Yes, they'll have to write new code to do that, but it's not particularly hard (it's 1 line code from your example above), and it's security through obscurity.
The export operation is guarded by TouchID. So the malware needs to trick you into performing the TouchID gesture.
But yeh the malware only needs to trick you to hit TouchID once. Instead of on each sign operation. So if that's in your threat model don't make the key exportable.
> That's not meaningfully more difficult than tricking you into revealing your key file password.
No, but that's meaningfully more difficult to do without an intervention from the user. Say your computer is infected, the malware won't silently do it: it will have to interact with you.
And an important part is that you apparently don't have to make the key exportable:
> So if that's in your threat model don't make the key exportable.
Which now makes it meaningfully more difficult to extract.
I would personally not export it, just like I don't export (and can't export) the key from a security key. That's a feature.
> Say your computer is infected, the malware won't silently do it: it will have to interact with you.
MacOS is so needy about all kinds of fingerprint/password-related things (and has no context of secure desktop) that it is trivial for malware to simulate and no way for the user to tell whether it's genuine, so it's not a real barrier at all.
If the key is marked as exportable the malware will happily export it for you. The only way to defend against that is to make the key non-exportable to begin with.
I hit my touchid probably 10 times a day, seems pretty easy for me to be tricked into hitting touchid thinking that okta forgot my session or something like that.
As a user I prefer a single touch to typing a passphrase every time. A passphrase also has other attack vectors like keylogging, etc., which would allow replays.
But even if security was exactly the same, I'd prefer the touch to the typing.
So it just has to wait until you’re about to do a legitimate operation requiring authentication, intercept that to export the key, and cancel the real one with a bogus error (and you’ll just try again without any second thoughts).
MacOS has also no concept of secure desktop/etc where the OS can use some privileged UI to explicitly tell you what you are signing and prompt for PIN/biometrics. It’s in fact a well-known problem where legitimate dialogs for system/Apple ID password have no distinguishing features from fake ones.
Generally dialogs that require sensitive input provide some way for the user to ensure they are issued by the OS and not a random program. Windows historically used the Secure Attention Key (that's why domain-linked machines used to require pressing Ctrl+Alt+Del to login, to train users to only enter credentials in secure contexts) which is a key combo that the OS always intercepts and thus once pressed you can be assured you are typing into a trusted UI and not a piece of malware emulating the trusted UI.
Of course, this was back in the day when computers were primarily a productivity tool and not an ad delivery vehicle, so it's unlikely this problem will ever be solved.
The exported key you can keep in a safe for disaster recovery. You shouldn't keep it on your computer of course.