Huh. I’ve played around with D a few years ago… don’t exactly remember his opinions coming to light, but I can’t say I’m surprised either.
- 0 Posts
- 7 Comments
Joined 1 year ago
Cake day: June 1st, 2023
You are not logged in. If you use a Fediverse account that is able to follow users, you can follow this user.
2·1 year agoIt does not. The fingerprint always only unlocks the device's HSM ("secure enclave" in Apple speak).
Between your devices enrolled in the ecosystem, private keys are synced securely (AFAIK, they make it so that an existing device’s HSM encrypts keys using the pubkey of the new one’s HSM); for signing up using your device on someone else's computer there's a process that combines QR codes with Bluetooth communication.
Note that you pretty much can't store them with Google or Apple; smartphone biometric sensors operate the on-device HSM, not something remote.
IIUC Apple syncs them using the most secure way they can, i.e. when you enroll a new device to your account the existing device, the existing device's HSM encrypts keys using the pubkey of the new one's HSM; and for recovery from being left with 0 Apple devices there might be (?) an escrow option that's optional (?)
Moved most of my stuff there a while ago, has been pretty great.