Biometric Keys: Store SSH Keys in Apple Secure Enclave
Biometric SSH Keys are securely stored on your device in a trusted execution environment and protected by biometric authentication. They never leave your device and are inaccessible to others, even with unauthorized access to your device.
Termius on macOS, iOS, and iPadOS allows you to generate Biometric SSH keys within the Secure Enclave (SE). SE is an isolated hardware subsystem that generates and stores private keys. No one, including Termius or OS, can directly export, copy, or access these keys.
To establish an SSH connection, Termius requests SE to sign data with the private key. Whenever this happens, OS prompts you to authorize access to a key stored in SEP with Touch ID/Face ID authentication.
Biometric keys don't synchronize with other devices as regular SSH Keys because they can't be copied by Termius.