Open jld-adriano opened 3 months ago
This is probably the best medium to ask.
age-plugin-se uses `SecureEnclave.P256.KeyAgreement.PrivateKey` to construct private keys. The age identity is an encoding of the `dataRepresentation` of the private key. Unfortunately, there currently doesn't seem to be any detailed description of what the properties of these private keys and their data representation are (or I haven't found it at least), so all I can give is anecdotal evidence.
> I'm assuming no one could actually use it unless they both have access to my laptop AND my biometry.
That seems to correspond to my assumption. Moreover, it seems that a private key without any protection (biometry or passcode) is also not usable on the same machine as a different user. I don't know what happens to the key's validity if you wipe your machine and restore it from backup.
That said, I tend to keep my secret keys private.
If someone can find a more definitive answer with pointers to documentation, that would be very welcome.
So the "private key" output to the file is not actually a private key but the private key is stored in the SE?
@CodeWithShreyans No, that doesn't sound correct. No private keys are stored in the SE, otherwise storage could run out when generating keys. The SE generates a private key, encrypts it, and outputs the encrypted data. Only that specific SE can decrypt the private key and use it for operations.
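What that reply describes (the enclave generates the key, hands back an encrypted blob that becomes the age identity, and only the same enclave can turn that blob back into a usable key) looks like this in Apple's CryptoKit. This is an added example, not age-plugin-se's own code. It assumes hardware with a Secure Enclave, uses the `.biometryCurrentSet` access-control flag as the stand-in for the plugin's "current-biometry" option (that mapping is an assumption), and the function names `makeEnclaveKey`, `exportIdentityBlob` and `deriveKeyFromBlob` are hypothetical.

```swift
// Added example (not age-plugin-se's own code). Shows the Secure Enclave key
// lifecycle: generate inside the enclave, export the wrapped blob, later
// reconstitute it on the same enclave and run ECDH. Needs real SE hardware.
import CryptoKit
import Foundation
import LocalAuthentication
import Security

enum EnclaveDemoError: Error { case noSecureEnclave, accessControlFailed }

/// Generate a P-256 key-agreement key inside the Secure Enclave, usable only
/// after the *current* biometric enrolment is presented (assumed to correspond
/// to age-plugin-se's "current-biometry"). The raw scalar never leaves the SE.
func makeEnclaveKey() throws -> SecureEnclave.P256.KeyAgreement.PrivateKey {
    guard SecureEnclave.isAvailable else { throw EnclaveDemoError.noSecureEnclave }
    var cfError: Unmanaged<CFError>?
    guard let access = SecAccessControlCreateWithFlags(
        nil,
        kSecAttrAccessibleWhenUnlockedThisDeviceOnly,
        [.privateKeyUsage, .biometryCurrentSet],
        &cfError
    ) else { throw EnclaveDemoError.accessControlFailed }
    return try SecureEnclave.P256.KeyAgreement.PrivateKey(accessControl: access)
}

/// The blob that an age identity encodes. It is the SE-wrapped form of the key:
/// opaque bytes that only this particular enclave can unwrap, not the private
/// scalar itself. Nothing is written to the keychain in this example.
func exportIdentityBlob(_ key: SecureEnclave.P256.KeyAgreement.PrivateKey) -> Data {
    key.dataRepresentation
}

/// Reconstitute the key from its blob and derive a 32-byte symmetric key via
/// ECDH + HKDF. Succeeds only on the enclave that produced the blob, and only
/// after the user satisfies the access control (biometry prompt via LAContext).
func deriveKeyFromBlob(_ blob: Data, peer: P256.KeyAgreement.PublicKey) throws -> Data {
    let restored = try SecureEnclave.P256.KeyAgreement.PrivateKey(
        dataRepresentation: blob,
        authenticationContext: LAContext())
    let shared = try restored.sharedSecretFromKeyAgreement(with: peer)
    let symmetric = shared.hkdfDerivedSymmetricKey(
        using: SHA256.self,
        salt: Data(),
        sharedInfo: Data("enclave-demo".utf8),
        outputByteCount: 32)
    return symmetric.withUnsafeBytes { Data($0) }
}

// Demo: recipient holds the enclave key, sender is an ordinary software key.
// On the sender's side only the recipient's *public* key is needed, which is
// why the public half is safe to share while the blob is useless elsewhere.
do {
    let recipient = try makeEnclaveKey()
    let blob = exportIdentityBlob(recipient)      // what the identity file carries
    let recipientPublic = recipient.publicKey     // what a recipient string carries

    let sender = P256.KeyAgreement.PrivateKey()   // constructed software key
    let senderSide = try sender
        .sharedSecretFromKeyAgreement(with: recipientPublic)
        .hkdfDerivedSymmetricKey(using: SHA256.self, salt: Data(),
                                 sharedInfo: Data("enclave-demo".utf8),
                                 outputByteCount: 32)
        .withUnsafeBytes { Data($0) }

    // Triggers the biometry prompt; fails on any other machine or user.
    let recipientSide = try deriveKeyFromBlob(blob, peer: sender.publicKey)
    print("blob bytes:", blob.count, "keys match:", senderSide == recipientSide)
} catch {
    print("Secure Enclave demo failed:", error)
}
```

The point to check on your own machine is the failure path: copy the blob to a second account or device and call `deriveKeyFromBlob` there. The constructor or the key agreement throws rather than returning key material, which is the property the thread is relying on when asking whether the identity can sit in a public repo.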
@CodeWithShreyans Right, that confirms what I said.
Also, from this article:
> When you protect a private key with the Secure Enclave, you never handle the plain-text key, making it difficult for the key to become compromised. Instead, you instruct the Secure Enclave to create and encode the key, and later to decode and perform operations with it.
oh that's interesting
well I learned something new today
Hey, need some help to understand what exactly is encrypted and where. For example:
Would it be safe to keep an identity encrypted with my current-biometry in a public repo? I'm assuming no one could actually use it unless they both have access to my laptop AND my biometry.
Or of course, if there is some vulnerability in the encryption algorithm itself
Not sure if this is the best medium to ask, but thanks in advance