SeKey

SeKey is an SSH agent that stores private keys inside macOS’s Secure Enclave and uses Touch ID or the enclave’s hardware protection to sign authentication requests. When a key is generated, it never leaves the enclave; the agent forwards only the resulting cryptographic signatures to the SSH client, keeping the private material isolated from the main processor.

The tool is aimed at developers and system administrators who connect to UNIX/Linux SSH servers from a MacBook Pro with Touch Bar and Touch ID. It provides command‑line options to generate, list, export (public part), and delete 256‑bit elliptic‑curve keypairs, and can run as a background daemon exposing a Unix socket for standard SSH authentication.

Installation is performed via Homebrew Cask, a downloadable PKG, or a manual setup that registers a launch agent. Users configure the environment variable SSH_AUTH_SOCK to point to SeKey’s socket, allowing any SSH client to use the enclave‑backed keys without additional software changes.