Enable Face ID / Touch ID

How to use Face ID or Touch ID instead of the passphrase for a private key

PGP Everywhere
Written by PGP Everywhere. Last update 4 years ago

Enable Face ID / Touch ID for passphrase:

PGP Everywhere allows you to use Touch ID (or your passcode if you do not have Touch ID enabled) to sign and decrypt messages instead of entering your key's passphrase each time. This feature is ideal for applications like SMS, instant messaging, or any circumstance in which typing a long passphrase would make encryption cumbersome and impractical. This feature is enabled on a key-by-key basis on private keys.

  1. Open the PGP Everywhere app on your device
  2. Select the Keychain tab
  3. Find the private key for which you wish to enable Touch ID, and flip the switch next to it.
  4. Follow the prompts and enter your passphrase

Security note:

Using this feature stores an encrypted copy of your passphrase in Apple's "Secure Enclave", a dedicated chip that handles Touch ID and other encryption on the device. Passphrases are stored using the attribute kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly. This means several things. First is that passphrases can only be stored when there is a passcode set on the device. Second is that if the passcode is removed from the device, then the stored passphrases will be automatically deleted. Third is that stored passphrases are not included in backups of the device, are never sent to iCloud, and never leave the device. This feature is intended for convenience but is inherently less secure simply because of the fact that your passphrase is stored somewhere. However, to gain access to your passphrase, an attacker would have to 1) acquire your device, 2) unlock your device, and 3) jailbreak your device to gain access to the keychain.
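
For developers who want to see what the storage attribute named in the security note looks like in practice, here is an added sketch using Apple's Keychain Services API; it is not PGP Everywhere's own code. The service name, error type and function names are hypothetical, and the .userPresence flag is an assumption chosen to match the "Touch ID or passcode" behaviour described above.

```swift
import Foundation
import Security

// Hypothetical service label for this sketch, not the app's real value.
let passphraseService = "example.pgp.passphrase"

enum PassphraseStoreError: Error { case accessControl, keychain(OSStatus) }

// Attributes that identify one stored passphrase (one item per private key).
func baseQuery(keyID: String) -> [String: Any] {
    return [kSecClass as String: kSecClassGenericPassword,
            kSecAttrService as String: passphraseService,
            kSecAttrAccount as String: keyID]
}

// Save the passphrase so that it exists only while a device passcode is set,
// stays on this device (no backup, no iCloud), and needs biometrics or the
// passcode on every read.
func storePassphrase(_ passphrase: String, keyID: String) throws {
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        .userPresence,              // Touch ID / Face ID, passcode fallback
        nil) else { throw PassphraseStoreError.accessControl }

    SecItemDelete(baseQuery(keyID: keyID) as CFDictionary) // drop any old copy
    var item = baseQuery(keyID: keyID)
    item[kSecAttrAccessControl as String] = access
    item[kSecValueData as String] = Data(passphrase.utf8)
    // Fails when no passcode is set on the device, as the note describes.
    let status = SecItemAdd(item as CFDictionary, nil)
    guard status == errSecSuccess else { throw PassphraseStoreError.keychain(status) }
}

// Read the passphrase back; the system shows the biometric/passcode prompt.
// Returns nil when the item is gone, for example after the passcode was
// removed, so the caller can fall back to asking for the passphrase.
func loadPassphrase(keyID: String) throws -> String? {
    var query = baseQuery(keyID: keyID)
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    if status == errSecItemNotFound { return nil }
    guard status == errSecSuccess, let data = result as? Data else {
        throw PassphraseStoreError.keychain(status)
    }
    return String(data: data, encoding: .utf8)
}
```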
