Remote cryptographic signing approval via iOS app (FaceID/TouchID/YubiKey NFC)

Resolved 💬 4 comments Opened Mar 25, 2026 by mateo-moon Closed Apr 24, 2026

Problem

When running Claude Code remotely (background agents, SSH sessions, CI), operations that require cryptographic signing (GPG commit signing, SSH authentication) fail silently or block because the user can't physically interact with their hardware security key.

This is a growing pain point as remote/agentic usage increases — users who enforce commit signing (via YubiKey, GPG, etc.) have to choose between security policy and remote productivity.

Proposed solution

Add a remote signing approval flow to the Claude Code iOS (and Android) app, similar to how GitHub Mobile handles 2FA sudo prompts or how Okta Verify handles push-based MFA.

Flow

  1. Claude Code (remote) encounters a signing operation (commit, SSH, etc.)
  2. Sends a push notification to the user's phone with context (e.g. "Sign commit Fix auth bug on main?")
  3. User approves via FaceID, TouchID, YubiKey NFC tap, or PIN
  4. App performs the cryptographic operation using a key stored in the device's Secure Enclave (or via YubiKey NFC)
  5. Signed result is returned to Claude Code, operation continues

Why this fits the Claude Code app

  • The iOS app already receives notifications for remote agent activity
  • Apple's LocalAuthentication and Security frameworks provide Secure Enclave key storage and biometric gating out of the box
  • The CoreNFC framework already supports YubiKey interaction (OpenPGP applet)
  • This follows a well-established UX pattern (GitHub Mobile, Okta Verify, 1Password SSH agent)

Authentication methods (by priority)

| Method | Hardware needed | Framework |
|---|---|---|
| FaceID | iPhone X+ | LocalAuthentication |
| TouchID | iPhone SE / iPad | LocalAuthentication |
| YubiKey NFC | YubiKey 5 NFC | CoreNFC |
| Device PIN | Any | LocalAuthentication |

Security considerations

  • Private keys stored in Secure Enclave never leave the device — same trust model as a hardware key
  • Each signing request should show the user what they're approving (commit message, repo, branch)
  • Timeout and auto-deny after N seconds for unattended requests
  • Optional: require biometric + YubiKey for high-assurance environments

Alternatives considered

  • GPG agent forwarding over SSH — works but requires an active SSH tunnel, doesn't cover background agents
  • Disabling commit signing — defeats the purpose
  • Long cache TTL on gpg-agent — weakens security posture
  • Standalone companion app + MCP server — possible but fragmented UX; native integration would be far better

View original on GitHub ↗

This issue has 4 comments on GitHub. Read the full discussion on GitHub ↗