Secure Enclave Details

Nil
Nil
Community Member
edited April 2023 in 1Password 3 – 7 for Mac

Hi,

Congratulations on this release, it looks great!

Could someone please explain how the new "Secure Enclave for Touch ID" feature works and what the difference to the previous Touch ID implementation was?

Thanks, Kim


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Edelheid
    Edelheid
    Community Member
    edited March 2018

    Yes! I’m also very eager to learn more about it.

    I’m not sure if simply launching 1Password 7 and enabling Touch ID under Preferences is enough for my Master Password to become secured inside the Secure Enclave. I previously used Touch ID in a copy of 1Password 6 that ran under the same Mac, can’t help but showcase concern if that introduced complications in my setup.

  • Unknown
    edited March 2018
    This content has been removed.
  • rickfillion
    edited March 2018

    Hi Everyone,

    I wrote both the original and new implementation so I'm probably best suited to answer the question. I'll try not to dive too deep into the weeds, but it might be hard considering the question at hand. Before we dive in, I do want to say that how 1Password 6 does it is still fine, it's just better in 1Password 7. We're always looking to do things better, even when we think things are OK.

    In both cases what's used to unlock 1Password remains the same: a piece of data is decrypted, and that decrypted secret is used to unlock the vault in the place of your Master Password.

    What has changed is where that encrypted secret is stored, and how it's encrypted.

    In 1Password 6 we used the Mac's keychain to store the encrypted secret, and the encryption key for that secret was stored on disk. It's important that these two things be stored separately so that someone who gets one doesn't get both. The Mac's keychain was a great fit because it allows us to set rules that the operating system enforces like "only an app signed by AgileBits can read this item." And so even if another app read the key from the disk they couldn't get to the data that was encrypted by it. This worked well, but in order to make it work seamlessly for users we needed to use a synchronized keychain: i.e. iCloud Keychain. This meant that the encrypted secret (encrypted with a super strong key) could be uploaded to iCloud if you had iCloud Keychain enabled. There was no real security problem here because of the strength of the encryption and the fact that the keys always stayed local, but it just felt odd.

    In 1Password 7 we change things around. The encrypted secret now lives on disk, and the key that's used for encrypting it lives only within the Secure Enclave. 1Password asks the system keychain to create an encryption key on its behalf, and specifies that it'd like that key to A) only be accessible by AgileBits/1Password, and B ) only ever reside in the Secure Enclave. Unlike version 6, these options did not require that we use iCloud Keychain and in fact these options are mutually exclusive to using iCloud Keychain. So now when we want to decrypt that secret, 1Password must prove to the keychain that it's who it claims to be (via codesignatures) and once it has done so the system will allow 1Password to shuttle the encrypted secret to the Secure Enclave to be decrypted and returned to 1Password for use in the unlock process. This is better than version 6 because it's 100% local and the encryption key never even needs to live in memory. This version is very dependent on the existence of the Secure Enclave which only ships as part of Macs that have a Touchbar/Touch ID whereas the older approach was more general and could have been made to work on other Macs.

    In neither case is your Master Password saved in the keychain itself.

    I hope this helps.

    Rick

  • @Edelheid,

    You shouldn't need to do anything more than enable it as you did and it shouldn't conflict with version 6 at all. You should be all-set.

    Rick

  • jpgoldberg
    jpgoldberg
    1Password Alumni
    edited March 2018

    These are excellent questions, and the answer is not going to be a simple one. @rickfillion said in his answer that he would try not to dive too deeply into the weeds. So that is probably what y'all should be reading. For those who wish to continue we go ...

    Into the weeds

    First, it is important to understand that there is a chain of keys. It's not your Master Password that gets stored, but something two steps along the chain of keys from it.

    When you provide your Master Password it is combined and processed with your Secret Key to derive another key. Let's call that the "derived key". This derived key is used as a Key Encryption Key ()KEK) to encrypt yet another key, which I will call the "master key".

    The master key can be used to decrypt more keys and is sufficient to fully unlock 1Password on your own device.

    TouchID requires that we are able to get at this master key to unlock 1Password on your device. So the question is where and how to store it.

    macOS Keychain (the old way)

    The macOS and iOS keychains are designed to store secrets of this nature. This is where things the keys needed for Mail to connect to your mail server live. Things in those are encrypted with keys derived from for macOS login password.

    The macOS keychain is a good place to do this, but it has some annoyances.1 And it is still vulnerable to someone who gets a copy of your macOS keychain and your login password. We have some extra defenses against such things, but on the whole, it would be a bad thing2 for an attacker to get the combination of your local 1Password encrypted data, your macOS keychain in which we've stored a form of the master key for use with TouchID, and your Mac login password needed to decrypt macOS keychain contents.

    Anyway, that is how it used to work, and it works well enough that we were happy to support TouchID in this way. The macOS Keychain is designed as a place for apps to store long term. But that doesn't mean that there wasn't room for improvement. And so on to what we do in 1Password 7.

    Secure enclave

    Apple devices which support TouchID have a secure enclave. Think of it is a special chip that only accepts a very limited set of instructions from anything outside of it. It is designed to store keys that only it can use. It cannot reveal those keys.

    We can ask it to create a key that only our application can use on the device. So first we ask the enclave to create a key that it will keep internally. Then we ask it to encrypt the master key and return the encrypted version. Now the master key is encrypted with a key that only lives in the secure enclave of your device. We can store that encrypted version pretty much anywhere.

    Now when you unlock with TouchID, the system can pass the encrypted master key to the secure enclave with instructions to decrypt it. As with the macOS keychain, only applications signed with our identity will be able to make such requests.

    The key in the enclave that is used for encrypting this master key is created in the enclave itself. It never leaves that very restricted part of your processor. An attacker who gets a copy of all the data stored on your disk and also your macOS login password will still not be able to decrypt that master key. It can only be decrypted with the aid of something stored deep in a chip on your machine.

    Things you still need to do

    What we do in 1Password 7 for TouchID is a security improvement. It defends against more potential attacks than what we have in 1Password 6 but that does not mean that it can defend you against all malware running on your machine, nor can it defend you against a weak Master Password if someone does copy data from your machine. So same as it ever was

    1. You do need to keep your machine free of malware. Keep your system and software up to date, and don't disable Gatekeeper.

    2. You do need to have a strong Master Password in case someone does steal data stored on your disks. The strength of your Master Password determines how long it will take an attacker who gets data from your machine to be able to decrypt it. (Your Secret Key defends against a weak Master Password if your encrypted data is stolen from us, but it does not offer that protection if your data is stolen from you.)

    3. Security improvements do not mean that previous approaches are necessarily "insecure". It's important to keep software up to date to get fixes for security bugs, but many security improvements aren't bug fixes. They are simply improvements. The security of TouchID in 1Password 6 for Mac is very good. It was carefully designed, and it makes good use of the security mechanisms offered by the operating system. But we always look for ways to make things securerer.

    1. Rick mentioned some of these annoyances. ↩︎

    2. Malware which captures those data and attempts to trick you into revealing your macOS password is not unknown. See this forum discussion from May 2017 about such malware. ↩︎

  • Unknown
    edited March 2018
    This content has been removed.
  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Thank you @artemsyd!

  • no, thank you @jpgoldberg!

    Rudy

  • Nil
    Nil
    Community Member

    Awesome, thank you both for taking the time to expand on this. I really appreciate you doing it so quickly, considering you probably have A LOT on your plate right now.

    I also really appreciate the drive to do better even though what you had already was good enough...

    After reading the explanations, here is how I understand it.

    On 1P6 if you had TouchID enabled and an attacker got your local 1Password encrypted data, your macOS keychain and your macOS login password, they could potentially unlock your 1P data.

    On IP7 they wouldn’t be able to do it with just those things. They would need physical access to the computer and an authenticated fingerprint.

    Is it accurate to summarize it like this?

  • Nil
    Nil
    Community Member

    And one more question, how are the private keys removed from the Secure Enclave...

    For example, I've set it up to require the password once in one day. Does the secure enclave itself remove the keys or does the 1P app have to ask the secure enclave to remove them?

    Similarly, on iOS the keys are removed on reboot. Does the same thing happen on the mac?

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Hi @nil! You are correct, when you say:

    On 1P6 if you had TouchID enabled and an attacker got your local 1Password encrypted data, your macOS keychain and your macOS login password, they could potentially unlock your 1P data.

    On IP7 they wouldn’t be able to do it with just those things. They would need physical access to the computer and an authenticated fingerprint.

    And to your next question:

    And one more question, how are the private keys removed from the Secure Enclave...

    For example, I've set it up to require the password once in one day. Does the secure enclave itself remove the keys or does the 1P app have to ask the secure enclave to remove them?

    Neither. The Secure Enclave retains the ability to decrypt the key. 1Password just gets rid of the encrypted key.

    Similarly, on iOS the keys are removed on reboot. Does the same thing happen on the Mac?

    Effectively yes. But it is a different set of keys in this case. There are also layers of keys involving the operating system and the Secure Enclave which I skipped over to keep things simple. Some of the keys that the Secure Enclave needs to decrypt things depend on things derived from the device passcode. Until that is provide to the operating system, there are things that the Secure Enclave cannot decrypt.

    I'm not entirely certain how this works on macOS, with multiple users. I suspect that it is similar to full disk encryption. Some user's login passwords can unlock the keys that are used to encrypt the disks. Once provided the keys need to decrypt the disks are kept in system memory until the system is shut down.

  • acdx
    acdx
    Community Member

    Hi,

    You should update the text at https://support.1password.com/touch-id-security-mac/ to reflect the use of the Secure Enclave. Right now the information is outdated/inaccurate.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I suspect in the future we will when it makes more sense to do so. Right now that is not true for a lot of people.

  • acdx
    acdx
    Community Member

    @brenty

    Right now there's a link on the security tab of preferences in 1Password 7 linking directly to that article. Maybe the link should point elsewhere in 1Password 7 to avoid communicating incorrect information about security.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @acdx: What did you specifically have in mind? You seem to be suggesting that we're overstating the security, when the opposite is true in some cases. I still think it's best that we wait until we've got everything resolved with Apple regarding implementation since it looks like there are some changes in macOS. It's unclear at this time if we need to adjust, Apple needs to, or both -- probably both. My point is that anything we add there now may not be accurate, as this is an ongoing process with Apple. But we're open to suggestions. Should we offer zero information on (macOS) Touch ID security for the time being?

  • acdx
    acdx
    Community Member
    edited July 2018

    @brenty

    Hi,

    What type of changes are coming and is the Touch ID feature of 1Password 7 currently, and/or in the foreseeable future, using the Secure Enclave on 2018 Macbook Pros with T2?

    Users need this type of information to be able to determine whether 1Password's implementation of a feature is secure enough for their needs or not. Also, users need the information that 1Password provides about security to be reliable to maintain trust. I'd imagine this is even more important for corporate customers. I've been burned by 1Password in this respect before, when I found out all my metadata was sitting in Dropbox unencrypted, because my vault was in an old less-secure format and I had to upgrade to opvault manually. 1Password was making a variety of security claims on their website, but many of those didn't apply to me, simply because I had migrated from a previous version and hadn't upgraded my vault. These are the kind of "surprises" I, and I'm sure many other users, are trying to avoid.

  • AGAlumB
    AGAlumB
    1Password Alumni

    What type of changes are coming and is the Touch ID feature of 1Password 7 currently, and/or in the foreseeable future, using the Secure Enclave on 2018 Macbook Pros with T2?

    @acdx: That's what I'm saying: we don't know. There have been issues on Sierra and High Sierra, and it's completely broken on Mohave.

    Users need this type of information to be able to determine whether 1Password's implementation of a feature is secure enough for their needs or not.

    What information are you looking for that is not in that article?

    Also, users need the information that 1Password provides about security to be reliable to maintain trust. I'd imagine this is even more important for corporate customers.

    I don't think it's any different for any 1Password users. That's why we've always been open about our security model and data formats.

    I've been burned by 1Password in this respect before, when I found out all my metadata was sitting in Dropbox unencrypted, because my vault was in an old less-secure format and I had to upgrade to opvault manually.

    Well that's a blast from the past! I'm sorry for the confusion, but "all my metadata" isn't even accurate and we've always been open about our data formats. It sounds like you're referring to overview data not being encrypted in the legacy AgileKeychain format.

    1Password was making a variety of security claims on their website, but many of those didn't apply to me, simply because I had migrated from a previous version and hadn't upgraded my vault. These are the kind of "surprises" I, and I'm sure many other users, are trying to avoid.

    That simply isn't the case. It isn't easy to find things on the internet going back many years, but here's an archive from the Wayback Machine from 2011 -- more than 7 years ago -- regarding the format. And this information is still available on our website today (under the same "Individual Entry Contents" heading), in a slightly updated format. And this is something we've also discussed openly over the years with customers as well. It is the claims you are making which don't stand up to scrutiny.

    I agree that the Touch ID article will need to be updated once things are finalized. But my point is that, currently, the information in the article errs on the side of downplaying the security by assuming that the macOS Keychain is used. If and when Secure Enclave, with its enhanced security, is either in use by default and/or the outstanding efforts with Apple are complete, we will be sure to have that reflected in the article. For now, you should make your decision about whether or not to use Touch ID on your Mac based on the information that is available -- to all of us. I think that's reasonable.

  • acdx
    acdx
    Community Member

    What information are you looking for that is not in that article?

    Just the current behaviour of 1Password (= uses Secure Enclave on some systems?), and if there's any possibility that 1Password will silently revert to a less secure implementation if Apple's APIs change, etc. (a signal to security-conscious users to not use the feature).

    Regarding opvault: I'm not arguing information about the legacy format was not available. My issue is with the fact that the advertised security features of the latest version of 1Password were not available to some users, completely unbeknownst to them. I'm sure you're familiar with the controversy. I found out all of this after I saw plaintext information from my vault in Spotlight and Googled the issue.

    Look, I'm not interested in fighting about this issue. I'm sure you see my point, and you understand why it's important for security software to be transparent about its behaviour. Lack of obscurity around implementation details of security features is what gives confidence in people in the security industry to recommend your software. I don't think usability/simplicity is mutually exclusive with communicating thoroughly to users what your product is doing and where it's storing its data.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Just the current behaviour of 1Password (= uses Secure Enclave on some systems?), and if there's any possibility that 1Password will silently revert to a less secure implementation if Apple's APIs change, etc. (a signal to security-conscious users to not use the feature).

    @acdx: I'm sorry for not being clearer. My assumption was that you'd read this discussion. I think can put this to rest: 1Password 7 currently uses the Secure Enclave for Touch ID on supported Macs. The problem is that it is broken in many cases, meaning that Touch ID is not available. This is not s security risk, but "merely" a royal pain for those affected. 1Password 6 uses the Keychain. Some issues there too, but not with regard to security. Again, it's a usability problem. Touch ID APIs don't have a "fallback" that would result in weaker security; it simply isn't available when something isn't working right, and you'd have to enter your Master Password. Again, I'm sorry that it's confusing. That's part of why I don't think it makes sense to document things that are in flux. Does that help though?

    Regarding opvault: I'm not arguing information about the legacy format was not available. My issue is with the fact that the advertised security features of the latest version of 1Password were not available to some users, completely unbeknownst to them. I'm sure you're familiar with the controversy. I found out all of this after I saw plaintext information from my vault in Spotlight and Googled the issue.

    I'm not seeing what "claims" or "advertised features" you're referring to. When we talk about 1Password.com memberships, that obviously does not apply to people not using 1Password.com at all. Similarly, with regard to the benefits we talk about with the OPVault format, that does not apply to AgileKeychain. It's like if I complained that Apple advertises the security or convenience of Face ID when not all iPhones (and no Macs or iPads) have that feature. It just isn't applicable.

    Look, I'm not interested in fighting about this issue. I'm sure you see my point, and you understand why it's important for security software to be transparent about its behaviour. Lack of obscurity around implementation details of security features is what gives confidence in people in the security industry to recommend your software. I don't think usability/simplicity is mutually exclusive with communicating thoroughly to users what your product is doing and where it's storing its data.

    I agree. If there's anything that's still unclear to you, please let us know so we can answer your questions and update documentation to make it clearer where possible. Hopefully we'll be able to get everything sorted out with Apple and their Touch ID APIs in short order and update the website to reflect any changes that end up being necessary. I suspect it won't be long since Mohave will probably be released in less than two months. In the mean time, thanks for your patience, and you feedback on this. :)

  • acdx
    acdx
    Community Member

    Hi,

    As Mojave is about a week away, I was wondering if there are any updates regarding the security of the Touch ID feature in 1Password 7 on Mojave? Will it always use the secure enclave on T2 devices?

    Thanks

  • @acdx,

    1Password 7 only uses the Secure Enclave if you're making use of Touch ID for unlocking 1Password., nothing has changed since the initial 7.0 release.

  • acdx
    acdx
    Community Member

    Hi,

    Thanks. I just got the impression that things were in flux regarding which APIs you going to use from this comment earlier in this thread:

    I still think it's best that we wait until we've got everything resolved with Apple regarding implementation since it looks like there are some changes in macOS. It's unclear at this time if we need to adjust, Apple needs to, or both -- probably both. My point is that anything we add there now may not be accurate, as this is an ongoing process with Apple.

  • jpgoldberg
    jpgoldberg
    1Password Alumni

    Sorry for the confusion, @acdx. There were some changes prior to 1Password 7. (I can't recall whether those were between 6 and 7 or were within 6).

  • @acdx,

    There was a bug in Mojave that prevented secd from being able to read our entitlements, that bug existed from Mojave Developer beta 2 until Mojave Developer beta 5 where Apple resolved the issue.

  • 1pwuser31547
    1pwuser31547
    Community Member

    Hi all.
    @acdx "1Password 7 only uses the Secure Enclave if you're making use of Touch ID for unlocking"
    @jpgoldberg "...So while we can stuff decryption keys into a secure enclave, we can't use it for the bulk of user secrets..."- (SGX secure enclave for Windows in context of memory management)

    Please clarify for Mac users with T2 chip with Secure Enclave if any encryption keys (MUK, KEK, derived keys) are stored there, regardless of Touch ID enabled or not, and if this is different from Macs without T2 chip.

    Is there any difference in the way this is handled between account holders and standalone vaults with respect to this?
    I understand that the Secret Key (for account holders) is stored in iCloud Keychain and the Master Password is not stored anywhere.

    Thanks

This discussion has been closed.