The Secure Enclave is a hardware-based key manager that’s isolated from the main processor to provide an extra layer of security. When you store a private key in the Secure Enclave, you never actually handle the key, making it difficult for the key to become compromised. Instead, you instruct the Secure Enclave to create the key, securely store it, and perform operations with it. You receive only the output of these operations, such as encrypted data or a cryptographic signature verification outcome. (c) Apple Docs
In the Termius iOS app, the Secure Enclave (SEP) feature lets you generate a private key using the iOS Keychain API, store this key inside the SEP, and use it for SSH connections.
Secure Enclave is available on devices with the Apple A7 processor and newer (iPhone 5S and newer, iPad mini 2 and newer).
To use SEP in Termius for iOS, you need to protect the device with a system passcode and, optionally, Touch ID / Face ID.
SEP Keys are not synchronizable even across iOS devices. Once you change the passcode on the device, all the previously created SEP Keys will stop working!
Overall, SEP keys are used in much the same way as regular SSH keys.
To create a SEP key, go to the Keychain Screen, press the '+' button, and select 'Secure Enclave Key'.
The only editable field is the Key Name. Enter a name and press 'Generate' to proceed.
You can access only the public part of a SEP key.
Like other keys in the app, it can be manually copied, sent by email, or exported to the host directly.
You set up SEP keys for SSH authentication the same way you set up other SSH keys: by selecting the key in the host's settings.
What changes is the way you connect: during the authentication step you will be prompted for your passcode, Touch ID, or Face ID. Without it, the SEP key cannot be used.
SEP keys work with the SSH agent, just as other SSH keys do.
As with regular connections, you will be prompted for your passcode, Touch ID, or Face ID before you can authenticate with the key.
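The flow described above (create the key inside the Secure Enclave, expose only the public part, require the passcode, Touch ID or Face ID when the key is used) can be sketched with Apple's Security framework. This is an added example, not Termius's code; the function names, the application tag and the access-control flags chosen here are assumptions.

```swift
import Foundation
import Security

// Hypothetical helper: creates a P-256 key inside the Secure Enclave and
// returns a handle to the private key plus the exportable public key bytes.
func makeEnclaveKey(tag: String) throws -> (privateKey: SecKey, publicKey: Data) {
    var error: Unmanaged<CFError>?

    // Assumed policy: usable only while a device passcode is set, never
    // leaves this device, and every use needs biometrics or the passcode.
    guard let access = SecAccessControlCreateWithFlags(
        kCFAllocatorDefault,
        kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly,
        [.privateKeyUsage, .userPresence],
        &error) else { throw error!.takeRetainedValue() as Error }

    let attributes: [String: Any] = [
        kSecAttrKeyType as String: kSecAttrKeyTypeECSECPrimeRandom,
        kSecAttrKeySizeInBits as String: 256,
        kSecAttrTokenID as String: kSecAttrTokenIDSecureEnclave,
        kSecPrivateKeyAttrs as String: [
            kSecAttrIsPermanent as String: true,
            kSecAttrApplicationTag as String: Data(tag.utf8),
            kSecAttrAccessControl as String: access
        ] as [String: Any]
    ]

    // The Secure Enclave generates and keeps the private key; the app
    // receives only a reference to it.
    guard let privateKey = SecKeyCreateRandomKey(attributes as CFDictionary, &error)
    else { throw error!.takeRetainedValue() as Error }

    // Only the public half has an external representation (X9.63 point).
    guard let pub = SecKeyCopyPublicKey(privateKey),
          let pubData = SecKeyCopyExternalRepresentation(pub, &error) as Data?
    else { throw error!.takeRetainedValue() as Error }
    return (privateKey, pubData)
}

// Signing happens inside the Secure Enclave and triggers the system
// passcode / Touch ID / Face ID prompt set by the access control above.
func sign(_ challenge: Data, with privateKey: SecKey) throws -> Data {
    var error: Unmanaged<CFError>?
    guard let signature = SecKeyCreateSignature(
        privateKey, .ecdsaSignatureMessageX962SHA256, challenge as CFData, &error) as Data?
    else { throw error!.takeRetainedValue() as Error }
    return signature
}
```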