Really fix signing for brief

* Adding credits txt

* Switch up build number

.github/workflows/release.yml

@@ -45,9 +45,12 @@ jobs:
     - name: Update Build Number
       env:
         TAG_NAME: ${{ github.ref }}
+        RUN_ID: ${{ github.run_id }}
       run: |
             export CLEAN_TAG=$(echo $TAG_NAME | sed -e 's/refs\/tags\/v//')
-            sed -i '' -e "s/CI_VERSION = 0.0.0/CI_VERSION = $CLEAN_TAG/g" Config/Config.xcconfig
+            sed -i '' -e "s/GITHUB_CI_VERSION/$CLEAN_TAG/g" Config/Config.xcconfig
+            sed -i '' -e "s/GITHUB_BUILD_NUMBER/1.$RUN_ID/g" Config/Config.xcconfig
+            sed -i '' -e "s/GITHUB_BUILD_URL/https:\/\/github.com\/maxgoedjen\/secretive\/actions\/runs\/$RUN_ID/g" Secretive/Credits.rtf
     - name: Build
       run: xcrun xcodebuild -project Secretive.xcodeproj -scheme Secretive -configuration Release -archivePath Archive.xcarchive archive
     - name: Create ZIPs

Brief/Brief.h

@@ -0,0 +1,19 @@
+//
+//  Brief.h
+//  Brief
+//
+//  Created by Max Goedjen on 3/21/20.
+//  Copyright © 2020 Max Goedjen. All rights reserved.
+//
+
+#import <Foundation/Foundation.h>
+
+//! Project version number for Brief.
+FOUNDATION_EXPORT double BriefVersionNumber;
+
+//! Project version string for Brief.
+FOUNDATION_EXPORT const unsigned char BriefVersionString[];
+
+// In this header, you should import all the public headers of your framework using statements like #import <Brief/PublicHeader.h>
+
+

Brief/Info.plist

@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>CFBundleDevelopmentRegion</key>
+	<string>$(DEVELOPMENT_LANGUAGE)</string>
+	<key>CFBundleExecutable</key>
+	<string>$(EXECUTABLE_NAME)</string>
+	<key>CFBundleIdentifier</key>
+	<string>$(PRODUCT_BUNDLE_IDENTIFIER)</string>
+	<key>CFBundleInfoDictionaryVersion</key>
+	<string>6.0</string>
+	<key>CFBundleName</key>
+	<string>$(PRODUCT_NAME)</string>
+	<key>CFBundlePackageType</key>
+	<string>$(PRODUCT_BUNDLE_PACKAGE_TYPE)</string>
+	<key>CFBundleShortVersionString</key>
+	<string>1.0</string>
+	<key>CFBundleVersion</key>
+	<string>$(CURRENT_PROJECT_VERSION)</string>
+	<key>NSHumanReadableCopyright</key>
+	<string>Copyright © 2020 Max Goedjen. All rights reserved.</string>
+</dict>
+</plist>

Brief/Updater.swift

@@ -1,17 +1,17 @@
 import Foundation
 import Combine
 
-protocol UpdaterProtocol: ObservableObject {
+public protocol UpdaterProtocol: ObservableObject {
 
     var update: Release? { get }
 
 }
 
-class Updater: ObservableObject, UpdaterProtocol {
+public class Updater: ObservableObject, UpdaterProtocol {
 
-    @Published var update: Release?
+    @Published public var update: Release?
 
-    init() {
+    public init() {
         checkForUpdates()
         let timer = Timer.scheduledTimer(withTimeInterval: 60*60*24, repeats: true) { _ in
             self.checkForUpdates()
@@ -19,7 +19,7 @@ class Updater: ObservableObject, UpdaterProtocol {
         timer.tolerance = 60*60
     }
 
-    func checkForUpdates() {
+    public func checkForUpdates() {
         URLSession.shared.dataTask(with: Constants.updateURL) { data, _, _ in
             guard let data = data else { return }
             guard let release = try? JSONDecoder().decode(Release.self, from: data) else { return }
@@ -58,16 +58,24 @@ extension Updater {
 
 }
 
-struct Release: Codable {
-    let name: String
-    let html_url: URL
-    let body: String
+public struct Release: Codable {
+
+    public let name: String
+    public let html_url: URL
+    public let body: String
+
+    public init(name: String, html_url: URL, body: String) {
+        self.name = name
+        self.html_url = html_url
+        self.body = body
+    }
+
 }
 
 
 extension Release {
 
-    var critical: Bool {
+    public var critical: Bool {
         return body.contains(Constants.securityContent)
     }
 

Config/Config.xcconfig

@@ -1 +1,2 @@
-CI_VERSION = 0.0.0
+CI_VERSION = GITHUB_CI_VERSION
+CI_BUILD_NUMBER = GITHUB_BUILD_NUMBER

SecretAgent/AppDelegate.swift

@@ -1,6 +1,9 @@
 import Cocoa
-import SecretKit
 import OSLog
+import Combine
+import SecretKit
+import SecretAgentKit
+import Brief
 
 @NSApplicationMain
 class AppDelegate: NSObject, NSApplicationDelegate {
@@ -11,14 +14,16 @@ class AppDelegate: NSObject, NSApplicationDelegate {
         list.add(store: SmartCard.Store())
         return list
     }()
+    let updater = Updater()
     let notifier = Notifier()
     lazy var agent: Agent = {
-        Agent(storeList: storeList, notifier: notifier)
+        Agent(storeList: storeList, witness: notifier)
     }()
     lazy var socketController: SocketController = {
         let path = (NSHomeDirectory() as NSString).appendingPathComponent("socket.ssh") as String
         return SocketController(path: path)
     }()
+    fileprivate var updateSink: AnyCancellable?
 
     func applicationDidFinishLaunching(_ aNotification: Notification) {
         os_log(.debug, "SecretAgent finished launching")
@@ -26,10 +31,10 @@ class AppDelegate: NSObject, NSApplicationDelegate {
             self.socketController.handler = self.agent.handle(fileHandle:)
         }
         notifier.prompt()
-    }
-
-    func applicationWillTerminate(_ aNotification: Notification) {
-        // Insert code here to tear down your application
+        updateSink = updater.$update.sink { release in
+            guard let release = release else { return }
+            self.notifier.notify(update: release)
+        }
     }
 
 

SecretAgent/Info.plist

@@ -25,7 +25,7 @@
 	<key>LSUIElement</key>
 	<true/>
 	<key>NSHumanReadableCopyright</key>
-	<string>Copyright © 2020 Max Goedjen. All rights reserved.</string>
+	<string>$(PRODUCT_NAME) is MIT Licensed.</string>
 	<key>NSMainStoryboardFile</key>
 	<string>Main</string>
 	<key>NSPrincipalClass</key>

SecretAgent/Notifier.swift

@@ -1,22 +1,110 @@
 import Foundation
-import SecretKit
 import UserNotifications
+import AppKit
+import SecretKit
+import SecretAgentKit
+import Brief
 
 class Notifier {
 
+    fileprivate let notificationDelegate = NotificationDelegate()
+
+    init() {
+        let action = UNNotificationAction(identifier: Constants.updateIdentitifier, title: "Update", options: [])
+        let categories = UNNotificationCategory(identifier: Constants.updateIdentitifier, actions: [action], intentIdentifiers: [], options: [])
+        UNUserNotificationCenter.current().setNotificationCategories([categories])
+        UNUserNotificationCenter.current().delegate = notificationDelegate
+    }
+
     func prompt() {
         let notificationCenter = UNUserNotificationCenter.current()
         notificationCenter.requestAuthorization(options: .alert) { _, _ in
         }
     }
 
-    func notify<SecretType: Secret>(accessTo secret: SecretType) {
+    func notify(accessTo secret: AnySecret, by provenance: SigningRequestProvenance) {
         let notificationCenter = UNUserNotificationCenter.current()
         let notificationContent = UNMutableNotificationContent()
-        notificationContent.title = "Signed Request"
-        notificationContent.body = "\(secret.name) was used to sign a request."
+        notificationContent.title = "Signed Request from \(provenance.origin.name)"
+        notificationContent.subtitle = "Using secret \"\(secret.name)\""
+        if let iconURL = iconURL(for: provenance), let attachment = try? UNNotificationAttachment(identifier: "icon", url: iconURL, options: nil) {
+            notificationContent.attachments = [attachment]
+        }
+        let request = UNNotificationRequest(identifier: UUID().uuidString, content: notificationContent, trigger: nil)
+        notificationCenter.add(request, withCompletionHandler: nil)
+    }
+
+    func notify(update: Release) {
+        notificationDelegate.release = update
+        let notificationCenter = UNUserNotificationCenter.current()
+        let notificationContent = UNMutableNotificationContent()
+        if update.critical {
+            notificationContent.title = "Critical Security Update - \(update.name)"
+        } else {
+            notificationContent.title = "Update Available - \(update.name)"
+        }
+        notificationContent.subtitle = "Click to Update"
+        notificationContent.body = update.body
+        notificationContent.categoryIdentifier = Constants.updateIdentitifier
         let request = UNNotificationRequest(identifier: UUID().uuidString, content: notificationContent, trigger: nil)
         notificationCenter.add(request, withCompletionHandler: nil)
     }
 
 }
+
+extension Notifier {
+
+    func iconURL(for provenance: SigningRequestProvenance) -> URL? {
+        do {
+            if let app = NSRunningApplication(processIdentifier: provenance.origin.pid), let icon = app.icon?.tiffRepresentation {
+                let temporaryURL = URL(fileURLWithPath: (NSTemporaryDirectory() as NSString).appendingPathComponent("\(UUID().uuidString).png"))
+                let bitmap = NSBitmapImageRep(data: icon)
+                try bitmap?.representation(using: .png, properties: [:])?.write(to: temporaryURL)
+                return temporaryURL
+            }
+        } catch {
+        }
+        return nil
+    }
+
+}
+
+extension Notifier: SigningWitness {
+
+    func speakNowOrForeverHoldYourPeace(forAccessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws {
+    }
+
+    func witness(accessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws {
+        notify(accessTo: secret, by: provenance)
+    }
+
+}
+
+extension Notifier {
+
+    enum Constants {
+        static let updateIdentitifier  = "com.maxgoedjen.Secretive.SecretAgent.update"
+    }
+
+}
+
+class NotificationDelegate: NSObject, UNUserNotificationCenterDelegate {
+
+    fileprivate var release: Release?
+
+    func userNotificationCenter(_ center: UNUserNotificationCenter, openSettingsFor notification: UNNotification?) {
+
+    }
+
+    func userNotificationCenter(_ center: UNUserNotificationCenter, didReceive response: UNNotificationResponse, withCompletionHandler completionHandler: @escaping () -> Void) {
+        guard response.notification.request.content.categoryIdentifier == Notifier.Constants.updateIdentitifier else { return }
+        guard let update = release else { return }
+        NSWorkspace.shared.open(update.html_url)
+        completionHandler()
+    }
+
+    func userNotificationCenter(_ center: UNUserNotificationCenter, willPresent notification: UNNotification, withCompletionHandler completionHandler: @escaping (UNNotificationPresentationOptions) -> Void) {
+        completionHandler(.alert)
+    }
+
+}

SecretAgent/SecretAgent.entitlements

@@ -4,6 +4,8 @@
 <dict>
 	<key>com.apple.security.app-sandbox</key>
 	<true/>
+	<key>com.apple.security.network.client</key>
+	<true/>
 	<key>com.apple.security.smartcard</key>
 	<true/>
 	<key>keychain-access-groups</key>

SecretAgentKit/Agent.swift

@@ -2,24 +2,26 @@ import Foundation
 import CryptoKit
 import OSLog
 import SecretKit
-import SecretAgentKit
+import AppKit
 
-class Agent {
+public class Agent {
 
     fileprivate let storeList: SecretStoreList
-    fileprivate let notifier: Notifier
+    fileprivate let witness: SigningWitness?
+    fileprivate let writer = OpenSSHKeyWriter()
+    fileprivate let requestTracer = SigningRequestTracer()
 
-    public init(storeList: SecretStoreList, notifier: Notifier) {
+    public init(storeList: SecretStoreList, witness: SigningWitness? = nil) {
         os_log(.debug, "Agent is running")
         self.storeList = storeList
-        self.notifier = notifier
+        self.witness = witness
     }
     
 }
 
 extension Agent {
 
-    func handle(fileHandle: FileHandle) {
+    public func handle(fileHandle: FileHandle) {
         os_log(.debug, "Agent handling new data")
         let data = fileHandle.availableData
         guard !data.isEmpty else { return }
@@ -40,7 +42,7 @@ extension Agent {
                 os_log(.debug, "Agent returned %@", SSHAgent.ResponseType.agentIdentitiesAnswer.debugDescription)
             case .signRequest:
                 response.append(SSHAgent.ResponseType.agentSignResponse.data)
-                response.append(try sign(data: data))
+                response.append(try sign(data: data, from: fileHandle.fileDescriptor))
                 os_log(.debug, "Agent returned %@", SSHAgent.ResponseType.agentSignResponse.debugDescription)
             }
         } catch {
@@ -74,26 +76,22 @@ extension Agent {
         return countData + keyData
     }
 
-    func sign(data: Data) throws -> Data {
+    func sign(data: Data, from pid: Int32) throws -> Data {
         let reader = OpenSSHReader(data: data)
-        let writer = OpenSSHKeyWriter()
-        let hash = try reader.readNextChunk()
-        let matching = storeList.stores.compactMap { store -> (AnySecretStore, AnySecret)? in
-            let allMatching = store.secrets.filter { secret in
-                hash == writer.data(secret: secret)
-            }
-            if let matching = allMatching.first {
-                return (store, matching)
-            }
-            return nil
-        }
-        guard let (store, secret) = matching.first else {
+        let hash = reader.readNextChunk()
+        guard let (store, secret) = secret(matching: hash) else {
+            os_log(.debug, "Agent did not have a key matching %@", hash as NSData)
             throw AgentError.noMatchingKey
         }
-        let dataToSign = try reader.readNextChunk()
+
+        let provenance = requestTracer.provenance(from: pid)
+        if let witness = witness {
+            try witness.speakNowOrForeverHoldYourPeace(forAccessTo: secret, by: provenance)
+        }
+
+        let dataToSign = reader.readNextChunk()
         let derSignature = try store.sign(data: dataToSign, with: secret)
-        // TODO: Move this
-        notifier.notify(accessTo: secret)
+
         let curveData = writer.curveType(for: secret.algorithm, length: secret.keySize).data(using: .utf8)!
 
         // Convert from DER formatted rep to raw (r||s)
@@ -123,6 +121,10 @@ extension Agent {
         sub.append(writer.lengthAndData(of: signatureChunk))
         signedData.append(writer.lengthAndData(of: sub))
 
+        if let witness = witness {
+            try witness.witness(accessTo: secret, by: provenance)
+        }
+
         os_log(.debug, "Agent signed request")
 
         return signedData
@@ -130,6 +132,22 @@ extension Agent {
 
 }
 
+extension Agent {
+
+    func secret(matching hash: Data) -> (AnySecretStore, AnySecret)? {
+        storeList.stores.compactMap { store -> (AnySecretStore, AnySecret)? in
+            let allMatching = store.secrets.filter { secret in
+                hash == writer.data(secret: secret)
+            }
+            if let matching = allMatching.first {
+                return (store, matching)
+            }
+            return nil
+        }.first
+    }
+
+}
+
 
 extension Agent {
 

SecretAgentKit/Info.plist

@@ -19,6 +19,6 @@
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSHumanReadableCopyright</key>
-	<string>Copyright © 2020 Max Goedjen. All rights reserved.</string>
+	<string>$(PRODUCT_NAME) is MIT Licensed.</string>
 </dict>
 </plist>

SecretAgentKit/SecretAgentKit.h

@@ -1,12 +1,14 @@
-//
-//  SecretAgentKit.h
-//  SecretAgentKit
-//
-//  Created by Max Goedjen on 2/22/20.
-//  Copyright © 2020 Max Goedjen. All rights reserved.
-//
-
 #import <Foundation/Foundation.h>
+#import <Security/Security.h>
+
+
+// Forward declarations
+
+// from libproc.h
+int proc_pidpath(int pid, void * buffer, uint32_t  buffersize);
+
+// from SecTask.h
+OSStatus SecCodeCreateWithPID(int32_t, SecCSFlags, SecCodeRef *);
 
 //! Project version number for SecretAgentKit.
 FOUNDATION_EXPORT double SecretAgentKitVersionNumber;
@@ -14,6 +16,4 @@ FOUNDATION_EXPORT double SecretAgentKitVersionNumber;
 //! Project version string for SecretAgentKit.
 FOUNDATION_EXPORT const unsigned char SecretAgentKitVersionString[];
 
-// In this header, you should import all the public headers of your framework using statements like #import <SecretAgentKit/PublicHeader.h>
-
 

SecretAgentKit/SigningRequestProvenance.swift

@@ -0,0 +1,45 @@
+import Foundation
+import AppKit
+
+public struct SigningRequestProvenance {
+
+    public var chain: [Process]
+    public init(root: Process) {
+        self.chain = [root]
+    }
+
+}
+
+extension SigningRequestProvenance {
+
+    public var origin: Process {
+        chain.last!
+    }
+
+    public var intact: Bool {
+        return chain.reduce(true) { $0 && $1.validSignature }
+    }
+
+}
+
+extension SigningRequestProvenance {
+
+    public struct Process {
+
+        public let pid: Int32
+        public let name: String
+        public let path: String
+        public let validSignature: Bool
+        let parentPID: Int32?
+
+        init(pid: Int32, name: String, path: String, validSignature: Bool, parentPID: Int32?) {
+            self.pid = pid
+            self.name = name
+            self.path = path
+            self.validSignature = validSignature
+            self.parentPID = parentPID
+        }
+
+    }
+
+}

SecretAgentKit/SigningRequestTracer.swift

@@ -0,0 +1,43 @@
+import Foundation
+import AppKit
+import Security
+
+struct SigningRequestTracer {
+
+    func provenance(from pid: Int32) -> SigningRequestProvenance {
+        let pidPointer = UnsafeMutableRawPointer.allocate(byteCount: 4, alignment: 1)
+        var len = socklen_t(MemoryLayout<Int32>.size)
+        getsockopt(pid, SOCK_STREAM, LOCAL_PEERPID, pidPointer, &len)
+        let pid = pidPointer.load(as: Int32.self)
+        let firstInfo = process(from: pid)
+
+        var provenance = SigningRequestProvenance(root: firstInfo)
+        while NSRunningApplication(processIdentifier: provenance.origin.pid) == nil && provenance.origin.parentPID != nil {
+            provenance.chain.append(process(from: provenance.origin.parentPID!))
+        }
+        return provenance
+    }
+
+    func pidAndNameInfo(from pid: Int32) -> kinfo_proc {
+        var len = MemoryLayout<kinfo_proc>.size
+        let infoPointer = UnsafeMutableRawPointer.allocate(byteCount: len, alignment: 1)
+        var name: [Int32] = [CTL_KERN, KERN_PROC, KERN_PROC_PID, pid]
+        sysctl(&name, UInt32(name.count), infoPointer, &len, nil, 0)
+        return infoPointer.load(as: kinfo_proc.self)
+    }
+
+    func process(from pid: Int32) -> SigningRequestProvenance.Process {
+        var pidAndNameInfo = self.pidAndNameInfo(from: pid)
+        let ppid = pidAndNameInfo.kp_eproc.e_ppid != 0 ? pidAndNameInfo.kp_eproc.e_ppid : nil
+        let procName = String(cString: &pidAndNameInfo.kp_proc.p_comm.0)
+        let pathPointer = UnsafeMutablePointer<UInt8>.allocate(capacity: Int(MAXPATHLEN))
+        _ = proc_pidpath(pid, pathPointer, UInt32(MAXPATHLEN))
+        let path = String(cString: pathPointer)
+        var secCode: Unmanaged<SecCode>!
+        let flags: SecCSFlags = [.considerExpiration, .enforceRevocationChecks]
+        SecCodeCreateWithPID(pid, SecCSFlags(), &secCode)
+        let valid = SecCodeCheckValidity(secCode.takeRetainedValue(), flags, nil) == errSecSuccess
+        return SigningRequestProvenance.Process(pid: pid, name: procName, path: path, validSignature: valid, parentPID: ppid)
+    }
+
+}

SecretAgentKit/SigningWitness.swift

@@ -0,0 +1,9 @@
+import Foundation
+import SecretKit
+
+public protocol SigningWitness {
+
+    func speakNowOrForeverHoldYourPeace(forAccessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws
+    func witness(accessTo secret: AnySecret, by provenance: SigningRequestProvenance) throws
+
+}

SecretAgentKit/SocketController.swift

@@ -1,13 +1,13 @@
 import Foundation
 import OSLog
 
-class SocketController {
+public class SocketController {
 
     fileprivate var fileHandle: FileHandle?
     fileprivate var port: SocketPort?
-    var handler: ((FileHandle) -> Void)?
+    public var handler: ((FileHandle) -> Void)?
 
-    init(path: String) {
+    public init(path: String) {
         os_log(.debug, "Socket controller setting up at %@", path)
         if let _ = try? FileManager.default.removeItem(atPath: path) {
             os_log(.debug, "Socket controller removed existing socket")

SecretAgentKitTests/SecretAgentKitTests.swift

@@ -1,11 +1,3 @@
-//
-//  SecretAgentKitTests.swift
-//  SecretAgentKitTests
-//
-//  Created by Max Goedjen on 2/22/20.
-//  Copyright © 2020 Max Goedjen. All rights reserved.
-//
-
 import XCTest
 @testable import SecretAgentKit
 

SecretKit/Common/OpenSSH/OpenSSHReader.swift

@@ -8,7 +8,7 @@ public class OpenSSHReader {
         remaining = Data(data)
     }
 
-    public func readNextChunk() throws -> Data {
+    public func readNextChunk() -> Data {
         let lengthRange = 0..<(UInt32.bitWidth/8)
         let lengthChunk = remaining[lengthRange]
         remaining.removeSubrange(lengthRange)

SecretKit/Common/SecretStoreList.swift

@@ -20,6 +20,10 @@ public class SecretStoreList: ObservableObject {
         addInternal(store: modifiable)
     }
 
+    public var anyAvailable: Bool {
+        stores.reduce(false, { $0 || $1.isAvailable })
+    }
+
 }
 
 extension SecretStoreList {

SecretKit/Info.plist

@@ -19,6 +19,6 @@
 	<key>CFBundleVersion</key>
 	<string>$(CURRENT_PROJECT_VERSION)</string>
 	<key>NSHumanReadableCopyright</key>
-	<string>Copyright © 2020 Max Goedjen. All rights reserved.</string>
+	<string>$(PRODUCT_NAME) is MIT Licensed.</string>
 </dict>
 </plist>

SecretKit/SecretKit.h

@@ -1,11 +1,3 @@
-//
-//  SecretKit.h
-//  SecretKit
-//
-//  Created by Max Goedjen on 2/18/20.
-//  Copyright © 2020 Max Goedjen. All rights reserved.
-//
-
 #import <Foundation/Foundation.h>
 
 //! Project version number for SecretKit.

SecretKit/SmartCard/SmartCardStore.swift

@@ -11,16 +11,17 @@ extension SmartCard {
         // TODO: Read actual smart card name, eg "YubiKey 5c"
         @Published public var isAvailable: Bool = false
         public let id = UUID()
-        public let name = NSLocalizedString("Smart Card", comment: "Smart Card")
+        public fileprivate(set) var name = NSLocalizedString("Smart Card", comment: "Smart Card")
         @Published public fileprivate(set) var secrets: [Secret] = []
         fileprivate let watcher = TKTokenWatcher()
         fileprivate var tokenID: String?
 
         public init() {
-            tokenID = watcher.tokenIDs.filter { !$0.contains("setoken") }.first
+            tokenID = watcher.nonSecureEnclaveTokens.first
             watcher.setInsertionHandler { string in
                 guard self.tokenID == nil else { return }
                 guard !string.contains("setoken") else { return }
+
                 self.tokenID = string
                 self.reloadSecrets()
                 self.watcher.addRemovalHandler(self.smartcardRemoved, forTokenID: string)
@@ -97,6 +98,14 @@ extension SmartCard.Store {
 
     fileprivate func loadSecrets() {
         guard let tokenID = tokenID else { return }
+        // Hack to read name if there's only one smart card
+        let slotNames = TKSmartCardSlotManager().slotNames
+        if watcher.nonSecureEnclaveTokens.count == 1 && slotNames.count == 1 {
+            name = slotNames.first!
+        } else {
+            name = NSLocalizedString("Smart Card", comment: "Smart Card")
+        }
+
         let attributes = [
             kSecClass: kSecClassKey,
             kSecAttrTokenID: tokenID,
@@ -124,6 +133,14 @@ extension SmartCard.Store {
 
 }
 
+extension TKTokenWatcher {
+
+    fileprivate var nonSecureEnclaveTokens: [String] {
+        tokenIDs.filter { !$0.contains("setoken") }
+    }
+
+}
+
 extension SmartCard {
 
     public struct KeychainError: Error {

SecretKitTests/AnySecretTests.swift

@@ -0,0 +1,17 @@
+import Foundation
+import XCTest
+@testable import SecretKit
+
+class AnySecretTests: XCTestCase {
+
+    func testEraser() {
+        let secret = SmartCard.Secret(id: UUID().uuidString.data(using: .utf8)!, name: "Name", algorithm: .ellipticCurve, keySize: 256, publicKey: UUID().uuidString.data(using: .utf8)!)
+        let erased = AnySecret(secret)
+        XCTAssert(erased.id == secret.id as AnyHashable)
+        XCTAssert(erased.name == secret.name)
+        XCTAssert(erased.algorithm == secret.algorithm)
+        XCTAssert(erased.keySize == secret.keySize)
+        XCTAssert(erased.publicKey == secret.publicKey)
+    }
+
+}

SecretKitTests/OpenSSHReaderTests.swift

@@ -0,0 +1,25 @@
+import Foundation
+import XCTest
+@testable import SecretKit
+
+class OpenSSHReaderTests: XCTestCase {
+
+    func testSignatureRequest() {
+        let reader = OpenSSHReader(data: Constants.signatureRequest)
+        let hash = reader.readNextChunk()
+        XCTAssert(hash == Data(base64Encoded: "AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBEqCbkJbOHy5S1wVCaJoKPmpS0egM4frMqllgnlRRQ/Uvnn6EVS8oV03cPA2Bz0EdESyRKA/sbmn0aBtgjIwGELxu45UXEW1TEz6TxyS0u3vuIqR3Wo1CrQWRDnkrG/pBQ=="))
+        let dataToSign = reader.readNextChunk()
+        XCTAssert(dataToSign == Data(base64Encoded: "AAAAICi5xf1ixOestUlxdjvt/BDcM+rzhwy7Vo8cW5YcxA8+MgAAAANnaXQAAAAOc3NoLWNvbm5lY3Rpb24AAAAJcHVibGlja2V5AQAAABNlY2RzYS1zaGEyLW5pc3RwMzg0AAAAiAAAABNlY2RzYS1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQRKgm5CWzh8uUtcFQmiaCj5qUtHoDOH6zKpZYJ5UUUP1L55+hFUvKFdN3DwNgc9BHREskSgP7G5p9GgbYIyMBhC8buOVFxFtUxM+k8cktLt77iKkd1qNQq0FkQ55Kxv6QU="))
+        let empty = reader.readNextChunk()
+        XCTAssert(empty.isEmpty)
+    }
+
+}
+
+extension OpenSSHReaderTests {
+
+    enum Constants {
+        static let signatureRequest = Data(base64Encoded: "AAAAiAAAABNlY2RzYS1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQRKgm5CWzh8uUtcFQmiaCj5qUtHoDOH6zKpZYJ5UUUP1L55+hFUvKFdN3DwNgc9BHREskSgP7G5p9GgbYIyMBhC8buOVFxFtUxM+k8cktLt77iKkd1qNQq0FkQ55Kxv6QUAAADvAAAAICi5xf1ixOestUlxdjvt/BDcM+rzhwy7Vo8cW5YcxA8+MgAAAANnaXQAAAAOc3NoLWNvbm5lY3Rpb24AAAAJcHVibGlja2V5AQAAABNlY2RzYS1zaGEyLW5pc3RwMzg0AAAAiAAAABNlY2RzYS1zaGEyLW5pc3RwMzg0AAAACG5pc3RwMzg0AAAAYQRKgm5CWzh8uUtcFQmiaCj5qUtHoDOH6zKpZYJ5UUUP1L55+hFUvKFdN3DwNgc9BHREskSgP7G5p9GgbYIyMBhC8buOVFxFtUxM+k8cktLt77iKkd1qNQq0FkQ55Kxv6QUAAAAA")!
+    }
+
+}

SecretKitTests/OpenSSHWriterTests.swift

@@ -0,0 +1,45 @@
+import Foundation
+import XCTest
+@testable import SecretKit
+
+class OpenSSHWriterTests: XCTestCase {
+
+    let writer = OpenSSHKeyWriter()
+
+    func testECDSA256Fingerprint() {
+        XCTAssertEqual(writer.openSSHFingerprint(secret:  Constants.ecdsa256Secret), "dc:60:4d:ff:c2:d9:18:8b:2f:24:40:b5:7f:43:47:e5")
+    }
+
+    func testECDSA256PublicKey() {
+        XCTAssertEqual(writer.openSSHString(secret:  Constants.ecdsa256Secret),
+        "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOVEjgAA5PHqRgwykjN5qM21uWCHFSY/Sqo5gkHAkn+e1MMQKHOLga7ucB9b3mif33MBid59GRK9GEPVlMiSQwo=")
+    }
+
+    func testECDSA256Hash() {
+    XCTAssertEqual(writer.data(secret: Constants.ecdsa256Secret), Data(base64Encoded: "AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBOVEjgAA5PHqRgwykjN5qM21uWCHFSY/Sqo5gkHAkn+e1MMQKHOLga7ucB9b3mif33MBid59GRK9GEPVlMiSQwo="))
+    }
+
+    func testECDSA384Fingerprint() {
+        XCTAssertEqual(writer.openSSHFingerprint(secret:  Constants.ecdsa384Secret), "66:e0:66:d7:41:ed:19:8e:e2:20:df:ce:ac:7e:2b:6e")
+    }
+
+    func testECDSA384PublicKey() {
+        XCTAssertEqual(writer.openSSHString(secret:  Constants.ecdsa384Secret),
+                       "ecdsa-sha2-nistp384 AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBG2MNc/C5OTHFE2tBvbZCVcpOGa8vBMquiTLkH4lwkeqOPxhi+PyYUfQZMTRJNPiTyWPoMBqNiCIFRVv60yPN/AHufHaOgbdTP42EgMlMMImkAjYUEv9DESHTVIs2PW1yQ==")
+    }
+
+    func testECDSA384Hash() {
+        XCTAssertEqual(writer.data(secret: Constants.ecdsa384Secret), Data(base64Encoded: "AAAAE2VjZHNhLXNoYTItbmlzdHAzODQAAAAIbmlzdHAzODQAAABhBG2MNc/C5OTHFE2tBvbZCVcpOGa8vBMquiTLkH4lwkeqOPxhi+PyYUfQZMTRJNPiTyWPoMBqNiCIFRVv60yPN/AHufHaOgbdTP42EgMlMMImkAjYUEv9DESHTVIs2PW1yQ=="))
+    }
+
+}
+
+extension OpenSSHWriterTests {
+
+    enum Constants {
+        static let ecdsa256Secret =  SmartCard.Secret(id: Data(), name: "Test Key (ECDSA 256)", algorithm: .ellipticCurve, keySize: 256, publicKey: Data(base64Encoded: "BOVEjgAA5PHqRgwykjN5qM21uWCHFSY/Sqo5gkHAkn+e1MMQKHOLga7ucB9b3mif33MBid59GRK9GEPVlMiSQwo=")!)
+        static let ecdsa384Secret =  SmartCard.Secret(id: Data(), name: "Test Key (ECDSA 384)", algorithm: .ellipticCurve, keySize: 384, publicKey: Data(base64Encoded: "BG2MNc/C5OTHFE2tBvbZCVcpOGa8vBMquiTLkH4lwkeqOPxhi+PyYUfQZMTRJNPiTyWPoMBqNiCIFRVv60yPN/AHufHaOgbdTP42EgMlMMImkAjYUEv9DESHTVIs2PW1yQ==")!)
+
+    }
+
+}

SecretKitTests/SecretKitTests.swift

@@ -1,27 +0,0 @@
-//
-//  SecretKitTests.swift
-//  SecretKitTests
-//
-//  Created by Max Goedjen on 2/18/20.
-//  Copyright © 2020 Max Goedjen. All rights reserved.
-//
-
-import XCTest
-@testable import SecretKit
-
-class SecretKitTests: XCTestCase {
-
-    override func setUp() {
-        // Put setup code here. This method is called before the invocation of each test method in the class.
-    }
-
-    override func tearDown() {
-        // Put teardown code here. This method is called after the invocation of each test method in the class.
-    }
-
-    func testExample() {
-        // This is an example of a functional test case.
-        // Use XCTAssert and related functions to verify your tests produce the correct results.
-    }
-
-}

Secretive.xcodeproj/project.pbxproj

@@ -9,6 +9,7 @@
 /* Begin PBXBuildFile section */
 		50020BB024064869003D4025 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50020BAF24064869003D4025 /* AppDelegate.swift */; };
 		5018F54F24064786002EB505 /* Notifier.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5018F54E24064786002EB505 /* Notifier.swift */; };
+		50524B442420969E008DBD97 /* OpenSSHWriterTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50524B432420969D008DBD97 /* OpenSSHWriterTests.swift */; };
 		50617D8323FCE48E0099B055 /* AppDelegate.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617D8223FCE48E0099B055 /* AppDelegate.swift */; };
 		50617D8523FCE48E0099B055 /* ContentView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617D8423FCE48E0099B055 /* ContentView.swift */; };
 		50617D8723FCE48E0099B055 /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 50617D8623FCE48E0099B055 /* Assets.xcassets */; };
@@ -16,7 +17,6 @@
 		50617D8D23FCE48E0099B055 /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 50617D8B23FCE48E0099B055 /* Main.storyboard */; };
 		50617D9923FCE48E0099B055 /* SecretiveTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617D9823FCE48E0099B055 /* SecretiveTests.swift */; };
 		50617DB123FCE4AB0099B055 /* SecretKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 50617DA823FCE4AB0099B055 /* SecretKit.framework */; };
-		50617DB823FCE4AB0099B055 /* SecretKitTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617DB723FCE4AB0099B055 /* SecretKitTests.swift */; };
 		50617DBA23FCE4AB0099B055 /* SecretKit.h in Headers */ = {isa = PBXBuildFile; fileRef = 50617DAA23FCE4AB0099B055 /* SecretKit.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		50617DBD23FCE4AB0099B055 /* SecretKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 50617DA823FCE4AB0099B055 /* SecretKit.framework */; };
 		50617DBE23FCE4AB0099B055 /* SecretKit.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 50617DA823FCE4AB0099B055 /* SecretKit.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
@@ -26,12 +26,25 @@
 		50617DCE23FCECFA0099B055 /* SecureEnclaveSecret.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617DCD23FCECFA0099B055 /* SecureEnclaveSecret.swift */; };
 		50617DD023FCED2C0099B055 /* SecureEnclave.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617DCF23FCED2C0099B055 /* SecureEnclave.swift */; };
 		50617DD223FCEFA90099B055 /* PreviewStore.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50617DD123FCEFA90099B055 /* PreviewStore.swift */; };
+		506772C72424784600034DED /* Credits.rtf in Resources */ = {isa = PBXBuildFile; fileRef = 506772C62424784600034DED /* Credits.rtf */; };
+		506772C92425BB8500034DED /* NoStoresView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 506772C82425BB8500034DED /* NoStoresView.swift */; };
+		506772FF2426F3F400034DED /* Brief.h in Headers */ = {isa = PBXBuildFile; fileRef = 506772FD2426F3F400034DED /* Brief.h */; settings = {ATTRIBUTES = (Public, ); }; };
+		506773022426F3F400034DED /* Brief.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 506772FB2426F3F400034DED /* Brief.framework */; };
+		506773032426F3F400034DED /* Brief.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 506772FB2426F3F400034DED /* Brief.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
+		506773092426F3FD00034DED /* Updater.swift in Sources */ = {isa = PBXBuildFile; fileRef = 506773082426F3FD00034DED /* Updater.swift */; };
+		5067730C2426F40E00034DED /* Brief.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 506772FB2426F3F400034DED /* Brief.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
+		5067730E242701BA00034DED /* OpenSSHReaderTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5067730D242701BA00034DED /* OpenSSHReaderTests.swift */; };
+		506773102427057600034DED /* AnySecretTests.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5067730F2427057600034DED /* AnySecretTests.swift */; };
 		5068389E241471CD00F55094 /* SecretStoreList.swift in Sources */ = {isa = PBXBuildFile; fileRef = 5068389D241471CD00F55094 /* SecretStoreList.swift */; };
 		506838A12415EA5600F55094 /* AnySecret.swift in Sources */ = {isa = PBXBuildFile; fileRef = 506838A02415EA5600F55094 /* AnySecret.swift */; };
 		506838A32415EA5D00F55094 /* AnySecretStore.swift in Sources */ = {isa = PBXBuildFile; fileRef = 506838A22415EA5D00F55094 /* AnySecretStore.swift */; };
 		506AB87E2412334700335D91 /* SecretAgent.app in CopyFiles */ = {isa = PBXBuildFile; fileRef = 50A3B78A24026B7500D209EA /* SecretAgent.app */; settings = {ATTRIBUTES = (RemoveHeadersOnCopy, ); }; };
-		50731666241DF8660023809E /* Updater.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50731665241DF8660023809E /* Updater.swift */; };
 		50731669241E00C20023809E /* NoticeView.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50731668241E00C20023809E /* NoticeView.swift */; };
+		507CE4ED2420A3C70029F750 /* Agent.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50A3B79F24026B9900D209EA /* Agent.swift */; };
+		507CE4EE2420A3CA0029F750 /* SocketController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50A3B79D24026B9900D209EA /* SocketController.swift */; };
+		507CE4F02420A4C50029F750 /* SigningWitness.swift in Sources */ = {isa = PBXBuildFile; fileRef = 507CE4EF2420A4C50029F750 /* SigningWitness.swift */; };
+		507CE4F42420A8C10029F750 /* SigningRequestProvenance.swift in Sources */ = {isa = PBXBuildFile; fileRef = 507CE4F32420A8C10029F750 /* SigningRequestProvenance.swift */; };
+		507CE4F62420A96F0029F750 /* SigningRequestTracer.swift in Sources */ = {isa = PBXBuildFile; fileRef = 507CE4F52420A96F0029F750 /* SigningRequestTracer.swift */; };
 		508A58AA241E06B40069DC07 /* PreviewUpdater.swift in Sources */ = {isa = PBXBuildFile; fileRef = 508A58A9241E06B40069DC07 /* PreviewUpdater.swift */; };
 		508A58B3241ED2180069DC07 /* AgentStatusChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 508A58B2241ED2180069DC07 /* AgentStatusChecker.swift */; };
 		508A58B5241ED48F0069DC07 /* PreviewAgentStatusChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 508A58B4241ED48F0069DC07 /* PreviewAgentStatusChecker.swift */; };
@@ -49,8 +62,6 @@
 		50A3B79124026B7600D209EA /* Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 50A3B79024026B7600D209EA /* Assets.xcassets */; };
 		50A3B79424026B7600D209EA /* Preview Assets.xcassets in Resources */ = {isa = PBXBuildFile; fileRef = 50A3B79324026B7600D209EA /* Preview Assets.xcassets */; };
 		50A3B79724026B7600D209EA /* Main.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 50A3B79524026B7600D209EA /* Main.storyboard */; };
-		50A3B7A024026B9900D209EA /* SocketController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50A3B79D24026B9900D209EA /* SocketController.swift */; };
-		50A3B7A224026B9900D209EA /* Agent.swift in Sources */ = {isa = PBXBuildFile; fileRef = 50A3B79F24026B9900D209EA /* Agent.swift */; };
 		50A5C18C240E4B4B00E2996C /* SecretAgentKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 5099A06C240242BA0062B6F2 /* SecretAgentKit.framework */; };
 		50A5C18D240E4B4B00E2996C /* SecretAgentKit.framework in Embed Frameworks */ = {isa = PBXBuildFile; fileRef = 5099A06C240242BA0062B6F2 /* SecretAgentKit.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
 		50A5C18F240E4B4C00E2996C /* SecretKit.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 50617DA823FCE4AB0099B055 /* SecretKit.framework */; };
@@ -98,6 +109,27 @@
 			remoteGlobalIDString = 50617DA723FCE4AB0099B055;
 			remoteInfo = SecretKit;
 		};
+		506773002426F3F400034DED /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 50617D7723FCE48D0099B055 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 506772FA2426F3F400034DED;
+			remoteInfo = Brief;
+		};
+		5067730A2426F40A00034DED /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 50617D7723FCE48D0099B055 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 506772FA2426F3F400034DED;
+			remoteInfo = Brief;
+		};
+		507CE4F12420A6B50029F750 /* PBXContainerItemProxy */ = {
+			isa = PBXContainerItemProxy;
+			containerPortal = 50617D7723FCE48D0099B055 /* Project object */;
+			proxyType = 1;
+			remoteGlobalIDString = 50617DA723FCE4AB0099B055;
+			remoteInfo = SecretKit;
+		};
 		5099A076240242BA0062B6F2 /* PBXContainerItemProxy */ = {
 			isa = PBXContainerItemProxy;
 			containerPortal = 50617D7723FCE48D0099B055 /* Project object */;
@@ -115,6 +147,7 @@
 			dstSubfolderSpec = 10;
 			files = (
 				50617DBE23FCE4AB0099B055 /* SecretKit.framework in Embed Frameworks */,
+				506773032426F3F400034DED /* Brief.framework in Embed Frameworks */,
 			);
 			name = "Embed Frameworks";
 			runOnlyForDeploymentPostprocessing = 0;
@@ -145,6 +178,7 @@
 			dstPath = "";
 			dstSubfolderSpec = 10;
 			files = (
+				5067730C2426F40E00034DED /* Brief.framework in Embed Frameworks */,
 				50A5C18D240E4B4B00E2996C /* SecretAgentKit.framework in Embed Frameworks */,
 				50A5C190240E4B4C00E2996C /* SecretKit.framework in Embed Frameworks */,
 			);
@@ -166,6 +200,7 @@
 /* Begin PBXFileReference section */
 		50020BAF24064869003D4025 /* AppDelegate.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; };
 		5018F54E24064786002EB505 /* Notifier.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Notifier.swift; sourceTree = "<group>"; };
+		50524B432420969D008DBD97 /* OpenSSHWriterTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OpenSSHWriterTests.swift; sourceTree = "<group>"; };
 		50617D7F23FCE48E0099B055 /* Secretive.app */ = {isa = PBXFileReference; explicitFileType = wrapper.application; includeInIndex = 0; path = Secretive.app; sourceTree = BUILT_PRODUCTS_DIR; };
 		50617D8223FCE48E0099B055 /* AppDelegate.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AppDelegate.swift; sourceTree = "<group>"; };
 		50617D8423FCE48E0099B055 /* ContentView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ContentView.swift; sourceTree = "<group>"; };
@@ -181,7 +216,6 @@
 		50617DAA23FCE4AB0099B055 /* SecretKit.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = SecretKit.h; sourceTree = "<group>"; };
 		50617DAB23FCE4AB0099B055 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		50617DB023FCE4AB0099B055 /* SecretKitTests.xctest */ = {isa = PBXFileReference; explicitFileType = wrapper.cfbundle; includeInIndex = 0; path = SecretKitTests.xctest; sourceTree = BUILT_PRODUCTS_DIR; };
-		50617DB723FCE4AB0099B055 /* SecretKitTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretKitTests.swift; sourceTree = "<group>"; };
 		50617DB923FCE4AB0099B055 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
 		50617DC623FCE4EA0099B055 /* SecretStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretStore.swift; sourceTree = "<group>"; };
 		50617DC823FCE50E0099B055 /* SecureEnclaveStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecureEnclaveStore.swift; sourceTree = "<group>"; };
@@ -189,11 +223,21 @@
 		50617DCD23FCECFA0099B055 /* SecureEnclaveSecret.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecureEnclaveSecret.swift; sourceTree = "<group>"; };
 		50617DCF23FCED2C0099B055 /* SecureEnclave.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecureEnclave.swift; sourceTree = "<group>"; };
 		50617DD123FCEFA90099B055 /* PreviewStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PreviewStore.swift; sourceTree = "<group>"; };
+		506772C62424784600034DED /* Credits.rtf */ = {isa = PBXFileReference; lastKnownFileType = text.rtf; path = Credits.rtf; sourceTree = "<group>"; };
+		506772C82425BB8500034DED /* NoStoresView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NoStoresView.swift; sourceTree = "<group>"; };
+		506772FB2426F3F400034DED /* Brief.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = Brief.framework; sourceTree = BUILT_PRODUCTS_DIR; };
+		506772FD2426F3F400034DED /* Brief.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = Brief.h; sourceTree = "<group>"; };
+		506772FE2426F3F400034DED /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
+		506773082426F3FD00034DED /* Updater.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = Updater.swift; sourceTree = "<group>"; };
+		5067730D242701BA00034DED /* OpenSSHReaderTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = OpenSSHReaderTests.swift; sourceTree = "<group>"; };
+		5067730F2427057600034DED /* AnySecretTests.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AnySecretTests.swift; sourceTree = "<group>"; };
 		5068389D241471CD00F55094 /* SecretStoreList.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SecretStoreList.swift; sourceTree = "<group>"; };
 		506838A02415EA5600F55094 /* AnySecret.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AnySecret.swift; sourceTree = "<group>"; };
 		506838A22415EA5D00F55094 /* AnySecretStore.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AnySecretStore.swift; sourceTree = "<group>"; };
-		50731665241DF8660023809E /* Updater.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = Updater.swift; sourceTree = "<group>"; };
 		50731668241E00C20023809E /* NoticeView.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = NoticeView.swift; sourceTree = "<group>"; };
+		507CE4EF2420A4C50029F750 /* SigningWitness.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SigningWitness.swift; sourceTree = "<group>"; };
+		507CE4F32420A8C10029F750 /* SigningRequestProvenance.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SigningRequestProvenance.swift; sourceTree = "<group>"; };
+		507CE4F52420A96F0029F750 /* SigningRequestTracer.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = SigningRequestTracer.swift; sourceTree = "<group>"; };
 		508A58A9241E06B40069DC07 /* PreviewUpdater.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = PreviewUpdater.swift; sourceTree = "<group>"; };
 		508A58AB241E121B0069DC07 /* Config.xcconfig */ = {isa = PBXFileReference; lastKnownFileType = text.xcconfig; path = Config.xcconfig; sourceTree = "<group>"; };
 		508A58B2241ED2180069DC07 /* AgentStatusChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = AgentStatusChecker.swift; sourceTree = "<group>"; };
@@ -232,6 +276,7 @@
 			buildActionMask = 2147483647;
 			files = (
 				50617DBD23FCE4AB0099B055 /* SecretKit.framework in Frameworks */,
+				506773022426F3F400034DED /* Brief.framework in Frameworks */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -257,6 +302,13 @@
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
+		506772F82426F3F400034DED /* Frameworks */ = {
+			isa = PBXFrameworksBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
 		5099A069240242BA0062B6F2 /* Frameworks */ = {
 			isa = PBXFrameworksBuildPhase;
 			buildActionMask = 2147483647;
@@ -295,6 +347,7 @@
 				5099A06D240242BA0062B6F2 /* SecretAgentKit */,
 				5099A07A240242BA0062B6F2 /* SecretAgentKitTests */,
 				508A58AF241E144C0069DC07 /* Config */,
+				506772FC2426F3F400034DED /* Brief */,
 				50617D8023FCE48E0099B055 /* Products */,
 				5099A08B240243730062B6F2 /* Frameworks */,
 			);
@@ -310,6 +363,7 @@
 				5099A06C240242BA0062B6F2 /* SecretAgentKit.framework */,
 				5099A074240242BA0062B6F2 /* SecretAgentKitTests.xctest */,
 				50A3B78A24026B7500D209EA /* SecretAgent.app */,
+				506772FB2426F3F400034DED /* Brief.framework */,
 			);
 			name = Products;
 			sourceTree = "<group>";
@@ -324,6 +378,7 @@
 				50617D8B23FCE48E0099B055 /* Main.storyboard */,
 				50617D8E23FCE48E0099B055 /* Info.plist */,
 				50617D8F23FCE48E0099B055 /* Secretive.entitlements */,
+				506772C62424784600034DED /* Credits.rtf */,
 				50617D8823FCE48E0099B055 /* Preview Content */,
 			);
 			path = Secretive;
@@ -366,7 +421,9 @@
 		50617DB623FCE4AB0099B055 /* SecretKitTests */ = {
 			isa = PBXGroup;
 			children = (
-				50617DB723FCE4AB0099B055 /* SecretKitTests.swift */,
+				50524B432420969D008DBD97 /* OpenSSHWriterTests.swift */,
+				5067730D242701BA00034DED /* OpenSSHReaderTests.swift */,
+				5067730F2427057600034DED /* AnySecretTests.swift */,
 				50617DB923FCE4AB0099B055 /* Info.plist */,
 			);
 			path = SecretKitTests;
@@ -382,6 +439,16 @@
 			path = SecureEnclave;
 			sourceTree = "<group>";
 		};
+		506772FC2426F3F400034DED /* Brief */ = {
+			isa = PBXGroup;
+			children = (
+				506773082426F3FD00034DED /* Updater.swift */,
+				506772FD2426F3F400034DED /* Brief.h */,
+				506772FE2426F3F400034DED /* Info.plist */,
+			);
+			path = Brief;
+			sourceTree = "<group>";
+		};
 		5068389F2415EA4F00F55094 /* Erasers */ = {
 			isa = PBXGroup;
 			children = (
@@ -418,6 +485,7 @@
 				5099A02323FD2AAA0062B6F2 /* CreateSecretView.swift */,
 				50B8550C24138C4F009958AC /* DeleteSecretView.swift */,
 				50BB046A2418AAAE00D6E079 /* EmptyStoreView.swift */,
+				506772C82425BB8500034DED /* NoStoresView.swift */,
 				50C385A8240B636500AF2719 /* SetupView.swift */,
 			);
 			path = Views;
@@ -426,7 +494,6 @@
 		508A58B1241ED1EA0069DC07 /* Controllers */ = {
 			isa = PBXGroup;
 			children = (
-				50731665241DF8660023809E /* Updater.swift */,
 				508A58B2241ED2180069DC07 /* AgentStatusChecker.swift */,
 			);
 			path = Controllers;
@@ -457,6 +524,11 @@
 			children = (
 				5099A06E240242BA0062B6F2 /* SecretAgentKit.h */,
 				5099A089240242C20062B6F2 /* SSHAgentProtocol.swift */,
+				50A3B79D24026B9900D209EA /* SocketController.swift */,
+				507CE4EF2420A4C50029F750 /* SigningWitness.swift */,
+				507CE4F32420A8C10029F750 /* SigningRequestProvenance.swift */,
+				507CE4F52420A96F0029F750 /* SigningRequestTracer.swift */,
+				50A3B79F24026B9900D209EA /* Agent.swift */,
 				5099A06F240242BA0062B6F2 /* Info.plist */,
 			);
 			path = SecretAgentKit;
@@ -482,9 +554,7 @@
 			isa = PBXGroup;
 			children = (
 				50020BAF24064869003D4025 /* AppDelegate.swift */,
-				50A3B79F24026B9900D209EA /* Agent.swift */,
 				5018F54E24064786002EB505 /* Notifier.swift */,
-				50A3B79D24026B9900D209EA /* SocketController.swift */,
 				50A3B79024026B7600D209EA /* Assets.xcassets */,
 				50A3B79524026B7600D209EA /* Main.storyboard */,
 				50A3B79824026B7600D209EA /* Info.plist */,
@@ -513,6 +583,14 @@
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
+		506772F62426F3F400034DED /* Headers */ = {
+			isa = PBXHeadersBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				506772FF2426F3F400034DED /* Brief.h in Headers */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
 		5099A067240242BA0062B6F2 /* Headers */ = {
 			isa = PBXHeadersBuildPhase;
 			buildActionMask = 2147483647;
@@ -538,6 +616,7 @@
 			);
 			dependencies = (
 				50617DBC23FCE4AB0099B055 /* PBXTargetDependency */,
+				506773012426F3F400034DED /* PBXTargetDependency */,
 			);
 			name = Secretive;
 			productName = Secretive;
@@ -599,6 +678,24 @@
 			productReference = 50617DB023FCE4AB0099B055 /* SecretKitTests.xctest */;
 			productType = "com.apple.product-type.bundle.unit-test";
 		};
+		506772FA2426F3F400034DED /* Brief */ = {
+			isa = PBXNativeTarget;
+			buildConfigurationList = 506773042426F3F400034DED /* Build configuration list for PBXNativeTarget "Brief" */;
+			buildPhases = (
+				506772F62426F3F400034DED /* Headers */,
+				506772F72426F3F400034DED /* Sources */,
+				506772F82426F3F400034DED /* Frameworks */,
+				506772F92426F3F400034DED /* Resources */,
+			);
+			buildRules = (
+			);
+			dependencies = (
+			);
+			name = Brief;
+			productName = Brief;
+			productReference = 506772FB2426F3F400034DED /* Brief.framework */;
+			productType = "com.apple.product-type.framework";
+		};
 		5099A06B240242BA0062B6F2 /* SecretAgentKit */ = {
 			isa = PBXNativeTarget;
 			buildConfigurationList = 5099A083240242BA0062B6F2 /* Build configuration list for PBXNativeTarget "SecretAgentKit" */;
@@ -611,6 +708,7 @@
 			buildRules = (
 			);
 			dependencies = (
+				507CE4F22420A6B50029F750 /* PBXTargetDependency */,
 			);
 			name = SecretAgentKit;
 			productName = SecretAgentKit;
@@ -650,6 +748,7 @@
 			dependencies = (
 				5018F5492402736A002EB505 /* PBXTargetDependency */,
 				5018F54B2402736A002EB505 /* PBXTargetDependency */,
+				5067730B2426F40A00034DED /* PBXTargetDependency */,
 			);
 			name = SecretAgent;
 			productName = SecretAgent;
@@ -680,6 +779,10 @@
 					50617DAF23FCE4AB0099B055 = {
 						CreatedOnToolsVersion = 11.3;
 					};
+					506772FA2426F3F400034DED = {
+						CreatedOnToolsVersion = 11.4;
+						LastSwiftMigration = 1140;
+					};
 					5099A06B240242BA0062B6F2 = {
 						CreatedOnToolsVersion = 11.4;
 						LastSwiftMigration = 1140;
@@ -712,6 +815,7 @@
 				50617DAF23FCE4AB0099B055 /* SecretKitTests */,
 				5099A06B240242BA0062B6F2 /* SecretAgentKit */,
 				5099A073240242BA0062B6F2 /* SecretAgentKitTests */,
+				506772FA2426F3F400034DED /* Brief */,
 			);
 		};
 /* End PBXProject section */
@@ -724,6 +828,7 @@
 				50617D8D23FCE48E0099B055 /* Main.storyboard in Resources */,
 				50617D8A23FCE48E0099B055 /* Preview Assets.xcassets in Resources */,
 				50617D8723FCE48E0099B055 /* Assets.xcassets in Resources */,
+				506772C72424784600034DED /* Credits.rtf in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -748,6 +853,13 @@
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
+		506772F92426F3F400034DED /* Resources */ = {
+			isa = PBXResourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
 		5099A06A240242BA0062B6F2 /* Resources */ = {
 			isa = PBXResourcesBuildPhase;
 			buildActionMask = 2147483647;
@@ -785,11 +897,11 @@
 				508A58B3241ED2180069DC07 /* AgentStatusChecker.swift in Sources */,
 				50C385A52407A76D00AF2719 /* SecretDetailView.swift in Sources */,
 				5099A02423FD2AAA0062B6F2 /* CreateSecretView.swift in Sources */,
-				50731666241DF8660023809E /* Updater.swift in Sources */,
 				50B8550D24138C4F009958AC /* DeleteSecretView.swift in Sources */,
 				50BB046B2418AAAE00D6E079 /* EmptyStoreView.swift in Sources */,
 				50731669241E00C20023809E /* NoticeView.swift in Sources */,
 				50617D8323FCE48E0099B055 /* AppDelegate.swift in Sources */,
+				506772C92425BB8500034DED /* NoStoresView.swift in Sources */,
 				508A58B5241ED48F0069DC07 /* PreviewAgentStatusChecker.swift in Sources */,
 				508A58AA241E06B40069DC07 /* PreviewUpdater.swift in Sources */,
 			);
@@ -827,7 +939,17 @@
 			isa = PBXSourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
-				50617DB823FCE4AB0099B055 /* SecretKitTests.swift in Sources */,
+				50524B442420969E008DBD97 /* OpenSSHWriterTests.swift in Sources */,
+				506773102427057600034DED /* AnySecretTests.swift in Sources */,
+				5067730E242701BA00034DED /* OpenSSHReaderTests.swift in Sources */,
+			);
+			runOnlyForDeploymentPostprocessing = 0;
+		};
+		506772F72426F3F400034DED /* Sources */ = {
+			isa = PBXSourcesBuildPhase;
+			buildActionMask = 2147483647;
+			files = (
+				506773092426F3FD00034DED /* Updater.swift in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -835,7 +957,12 @@
 			isa = PBXSourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				507CE4EE2420A3CA0029F750 /* SocketController.swift in Sources */,
 				5099A08A240242C20062B6F2 /* SSHAgentProtocol.swift in Sources */,
+				507CE4ED2420A3C70029F750 /* Agent.swift in Sources */,
+				507CE4F02420A4C50029F750 /* SigningWitness.swift in Sources */,
+				507CE4F62420A96F0029F750 /* SigningRequestTracer.swift in Sources */,
+				507CE4F42420A8C10029F750 /* SigningRequestProvenance.swift in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -853,8 +980,6 @@
 			files = (
 				50020BB024064869003D4025 /* AppDelegate.swift in Sources */,
 				5018F54F24064786002EB505 /* Notifier.swift in Sources */,
-				50A3B7A224026B9900D209EA /* Agent.swift in Sources */,
-				50A3B7A024026B9900D209EA /* SocketController.swift in Sources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -886,6 +1011,21 @@
 			target = 50617DA723FCE4AB0099B055 /* SecretKit */;
 			targetProxy = 50617DBB23FCE4AB0099B055 /* PBXContainerItemProxy */;
 		};
+		506773012426F3F400034DED /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 506772FA2426F3F400034DED /* Brief */;
+			targetProxy = 506773002426F3F400034DED /* PBXContainerItemProxy */;
+		};
+		5067730B2426F40A00034DED /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 506772FA2426F3F400034DED /* Brief */;
+			targetProxy = 5067730A2426F40A00034DED /* PBXContainerItemProxy */;
+		};
+		507CE4F22420A6B50029F750 /* PBXTargetDependency */ = {
+			isa = PBXTargetDependency;
+			target = 50617DA723FCE4AB0099B055 /* SecretKit */;
+			targetProxy = 507CE4F12420A6B50029F750 /* PBXContainerItemProxy */;
+		};
 		5099A077240242BA0062B6F2 /* PBXTargetDependency */ = {
 			isa = PBXTargetDependency;
 			target = 5099A06B240242BA0062B6F2 /* SecretAgentKit */;
@@ -1225,6 +1365,95 @@
 			};
 			name = Release;
 		};
+		506773052426F3F400034DED /* Debug */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				CLANG_ENABLE_MODULES = YES;
+				CODE_SIGN_IDENTITY = "-";
+				CODE_SIGN_STYLE = Automatic;
+				COMBINE_HIDPI_IMAGES = YES;
+				CURRENT_PROJECT_VERSION = 1;
+				DEFINES_MODULE = YES;
+				DEVELOPMENT_TEAM = Z72PRUAWF6;
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				DYLIB_INSTALL_NAME_BASE = "@rpath";
+				INFOPLIST_FILE = Brief/Info.plist;
+				INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
+				LD_RUNPATH_SEARCH_PATHS = (
+					"$(inherited)",
+					"@executable_path/../Frameworks",
+					"@loader_path/Frameworks",
+				);
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Brief;
+				PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)";
+				SKIP_INSTALL = YES;
+				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
+				SWIFT_VERSION = 5.0;
+				VERSIONING_SYSTEM = "apple-generic";
+				VERSION_INFO_PREFIX = "";
+			};
+			name = Debug;
+		};
+		506773062426F3F400034DED /* Test */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				CLANG_ENABLE_MODULES = YES;
+				CODE_SIGN_IDENTITY = "-";
+				CODE_SIGN_STYLE = Automatic;
+				COMBINE_HIDPI_IMAGES = YES;
+				CURRENT_PROJECT_VERSION = 1;
+				DEFINES_MODULE = YES;
+				DEVELOPMENT_TEAM = Z72PRUAWF6;
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				DYLIB_INSTALL_NAME_BASE = "@rpath";
+				INFOPLIST_FILE = Brief/Info.plist;
+				INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
+				LD_RUNPATH_SEARCH_PATHS = (
+					"$(inherited)",
+					"@executable_path/../Frameworks",
+					"@loader_path/Frameworks",
+				);
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Brief;
+				PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)";
+				SKIP_INSTALL = YES;
+				SWIFT_OPTIMIZATION_LEVEL = "-Onone";
+				SWIFT_VERSION = 5.0;
+				VERSIONING_SYSTEM = "apple-generic";
+				VERSION_INFO_PREFIX = "";
+			};
+			name = Test;
+		};
+		506773072426F3F400034DED /* Release */ = {
+			isa = XCBuildConfiguration;
+			buildSettings = {
+				CLANG_ENABLE_MODULES = YES;
+				CODE_SIGN_IDENTITY = "-";
+				CODE_SIGN_STYLE = Automatic;
+				COMBINE_HIDPI_IMAGES = YES;
+				CURRENT_PROJECT_VERSION = 1;
+				DEFINES_MODULE = YES;
+				DEVELOPMENT_TEAM = Z72PRUAWF6;
+				DYLIB_COMPATIBILITY_VERSION = 1;
+				DYLIB_CURRENT_VERSION = 1;
+				DYLIB_INSTALL_NAME_BASE = "@rpath";
+				INFOPLIST_FILE = Brief/Info.plist;
+				INSTALL_PATH = "$(LOCAL_LIBRARY_DIR)/Frameworks";
+				LD_RUNPATH_SEARCH_PATHS = (
+					"$(inherited)",
+					"@executable_path/../Frameworks",
+					"@loader_path/Frameworks",
+				);
+				PRODUCT_BUNDLE_IDENTIFIER = com.maxgoedjen.Brief;
+				PRODUCT_NAME = "$(TARGET_NAME:c99extidentifier)";
+				SKIP_INSTALL = YES;
+				SWIFT_VERSION = 5.0;
+				VERSIONING_SYSTEM = "apple-generic";
+				VERSION_INFO_PREFIX = "";
+			};
+			name = Release;
+		};
 		508A5914241EF1A00069DC07 /* Test */ = {
 			isa = XCBuildConfiguration;
 			baseConfigurationReference = 508A58AB241E121B0069DC07 /* Config.xcconfig */;
@@ -1661,6 +1890,16 @@
 			defaultConfigurationIsVisible = 0;
 			defaultConfigurationName = Release;
 		};
+		506773042426F3F400034DED /* Build configuration list for PBXNativeTarget "Brief" */ = {
+			isa = XCConfigurationList;
+			buildConfigurations = (
+				506773052426F3F400034DED /* Debug */,
+				506773062426F3F400034DED /* Test */,
+				506773072426F3F400034DED /* Release */,
+			);
+			defaultConfigurationIsVisible = 0;
+			defaultConfigurationName = Release;
+		};
 		5099A083240242BA0062B6F2 /* Build configuration list for PBXNativeTarget "SecretAgentKit" */ = {
 			isa = XCConfigurationList;
 			buildConfigurations = (

Secretive.xcodeproj/xcshareddata/xcschemes/Secretive.xcscheme

@@ -67,7 +67,7 @@
       </Testables>
    </TestAction>
    <LaunchAction
-      buildConfiguration = "Test"
+      buildConfiguration = "Debug"
       selectedDebuggerIdentifier = "Xcode.DebuggerFoundation.Debugger.LLDB"
       selectedLauncherIdentifier = "Xcode.DebuggerFoundation.Launcher.LLDB"
       launchStyle = "0"

Secretive/AppDelegate.swift

@@ -1,6 +1,7 @@
 import Cocoa
 import SwiftUI
 import SecretKit
+import Brief
 
 @NSApplicationMain
 class AppDelegate: NSObject, NSApplicationDelegate {
@@ -66,7 +67,7 @@ class AppDelegate: NSObject, NSApplicationDelegate {
 
     @IBAction func runSetup(sender: AnyObject?) {
         let setupWindow = NSWindow(
-            contentRect: NSRect(x: 0, y: 0, width: 480, height: 300),
+            contentRect: NSRect(x: 0, y: 0, width: 0, height: 0),
             styleMask: [.titled, .closable, .miniaturizable, .resizable, .fullSizeContentView],
             backing: .buffered, defer: false)
         let setupView = SetupView() { success in

Secretive/Credits.rtf

@@ -0,0 +1,23 @@
+{\rtf1\ansi\ansicpg1252\cocoartf2511
+\cocoatextscaling0\cocoaplatform0{\fonttbl\f0\fswiss\fcharset0 Helvetica;}
+{\colortbl;\red255\green255\blue255;}
+{\*\expandedcolortbl;;}
+\margl1440\margr1440\vieww9000\viewh8400\viewkind0
+\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6119\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
+{\field{\*\fldinst{HYPERLINK "https://github.com/maxgoedjen/secretive"}}{\fldrslt 
+\f0\fs24 \cf0 GitHub Repository}}
+\f0\fs24 \
+\pard\tx720\tx1440\tx2160\tx2880\tx3600\tx4320\tx5040\tx5760\tx6480\tx7200\tx7920\tx8640\pardirnatural\partightenfactor0
+\cf0 \
+{\field{\*\fldinst{HYPERLINK "GITHUB_BUILD_URL"}}{\fldrslt Build Log}}\
+\
+Special Thanks To:\
+{\field{\*\fldinst{HYPERLINK "https://github.com/bdash"}}{\fldrslt Mark Rowe}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/danielctull"}}{\fldrslt Daniel Tull}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/davedelong"}}{\fldrslt Dave DeLong}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/esttorhe"}}{\fldrslt Esteban Torres}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/joeblau"}}{\fldrslt Joe Blau}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/marksands"}}{\fldrslt Mark Sands}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/mergesort"}}{\fldrslt Joe Fabisevich}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/phillco"}}{\fldrslt Phil Cohen}}\
+{\field{\*\fldinst{HYPERLINK "https://github.com/zackdotcomputer"}}{\fldrslt Zack Sheppard}}}

Secretive/Info.plist

@@ -19,11 +19,11 @@
 	<key>CFBundleShortVersionString</key>
 	<string>$(CI_VERSION)</string>
 	<key>CFBundleVersion</key>
-	<string>$(CI_VERSION)</string>
+	<string>$(CI_BUILD_NUMBER)</string>
 	<key>LSMinimumSystemVersion</key>
 	<string>$(MACOSX_DEPLOYMENT_TARGET)</string>
 	<key>NSHumanReadableCopyright</key>
-	<string>Copyright © 2020 Max Goedjen. All rights reserved.</string>
+	<string>$(PRODUCT_NAME) is MIT Licensed.</string>
 	<key>NSMainStoryboardFile</key>
 	<string>Main</string>
 	<key>NSPrincipalClass</key>

Secretive/Preview Content/PreviewUpdater.swift

@@ -1,5 +1,6 @@
 import Foundation
 import Combine
+import Brief
 
 class PreviewUpdater: UpdaterProtocol {
 

Secretive/Views/ContentView.swift

@@ -1,5 +1,6 @@
 import SwiftUI
 import SecretKit
+import Brief
 
 struct ContentView<UpdaterType: UpdaterProtocol, AgentStatusCheckerType: AgentStatusCheckerProtocol>: View {
     
@@ -20,6 +21,7 @@ struct ContentView<UpdaterType: UpdaterProtocol, AgentStatusCheckerType: AgentSt
             if !agentStatusChecker.running {
                 agentNotice()
             }
+            if storeList.anyAvailable {
             NavigationView {
                 List(selection: $active) {
                     ForEach(storeList.stores) { store in
@@ -68,7 +70,10 @@ struct ContentView<UpdaterType: UpdaterProtocol, AgentStatusCheckerType: AgentSt
                     }
                 }
             }
-        }
+            } else {
+                NoStoresView()
+            }
+        }.frame(minWidth: 640, minHeight: 320)
     }
 
     func updateNotice() -> some View {

Secretive/Views/NoStoresView.swift

@@ -0,0 +1,29 @@
+//
+//  NoStoresView.swift
+//  Secretive
+//
+//  Created by Max Goedjen on 3/20/20.
+//  Copyright © 2020 Max Goedjen. All rights reserved.
+//
+
+import SwiftUI
+
+struct NoStoresView: View {
+    var body: some View {
+        VStack {
+            Text("No Secure Storage Available").bold()
+            Text("Your Mac doesn't have a Secure Enclave, and there's not a compatible Smart Card inserted.")
+            Button(action: {
+                NSWorkspace.shared.open(URL(string: "https://www.yubico.com/products/compare-yubikey-5-series/")!)
+            }) {
+                Text("If you're looking to add one to your Mac, the YubiKey 5 Series are great.")
+            }
+        }.padding()
+    }
+}
+
+struct NoStoresView_Previews: PreviewProvider {
+    static var previews: some View {
+        NoStoresView()
+    }
+}

Secretive/Views/SetupView.swift

@@ -9,12 +9,12 @@ struct SetupView: View {
     var body: some View {
         Form {
             SetupStepView<Spacer>(text: "Secretive needs to install a helper app to sign requests when the main app isn't running. This app is called \"SecretAgent\" and you might see it in Activity Manager from time to time.",
-                                index: 1,
-                                nestedView: nil,
-                                actionText: "Install") {
+                                  index: 1,
+                                  nestedView: nil,
+                                  actionText: "Install") {
                                     self.installLaunchAgent()
             }
-            SetupStepView(text: "You need to add a line to your shell config (.bashrc or .zshrc) telling SSH to talk to SecretAgent when it wants to authenticate. Drag this into your config file.",
+            SetupStepView(text: "Add this line to your shell config (.bashrc or .zshrc) telling SSH to talk to SecretAgent when it wants to authenticate. Drag this into your config file.",
                           index: 2,
                           nestedView: SetupStepCommandView(text: Constants.socketPrompt),
                           actionText: "Added") {
@@ -22,12 +22,12 @@ struct SetupView: View {
             }
             HStack {
                 Spacer()
-                    Button(action: { self.completion?(true) }) {
-                        Text("Finish")
-                    }
+                Button(action: { self.completion?(true) }) {
+                    Text("Finish")
+                }
                 .padding()
             }
-        }
+        }.frame(minWidth: 640, minHeight: 400)
     }
     
 }
@@ -64,10 +64,8 @@ struct SetupStepView<NestedViewType: View>: View {
                     Text(text)
                         .opacity(completed ? 0.5 : 1)
                         .lineLimit(nil)
-                        .frame(idealHeight: 0, maxHeight: .infinity)
                     if nestedView != nil {
-                        Spacer()
-                        nestedView!
+                        nestedView!.padding()
                     }
                 }
                 .padding()
@@ -87,16 +85,31 @@ struct SetupStepCommandView: View {
     let text: String
     
     var body: some View {
-        Text(text)
-            .font(.system(.caption, design: .monospaced))
-            .lineLimit(nil)
-            .frame(idealHeight: 0, maxHeight: .infinity)
-            .padding()
-            .background(Color(white: 0, opacity: 0.10))
-            .cornerRadius(10)
-            .onDrag {
-                return NSItemProvider(item: NSData(data: self.text.data(using: .utf8)!), typeIdentifier: kUTTypeUTF8PlainText as String)
+        VStack(alignment: .leading) {
+            Text(text)
+                .lineLimit(nil)
+                .font(.system(.caption, design: .monospaced))
+                .multilineTextAlignment(.leading)
+                .frame(minHeight: 50)
+            HStack {
+                Spacer()
+                Button(action: copy) {
+                    Text("Copy")
+                }
+            }
         }
+        .padding()
+        .background(Color(white: 0, opacity: 0.10))
+        .cornerRadius(10)
+        .onDrag {
+            return NSItemProvider(item: NSData(data: self.text.data(using: .utf8)!), typeIdentifier: kUTTypeUTF8PlainText as String)
+            
+        }
+    }
+    
+    func copy() {
+        NSPasteboard.general.declareTypes([.string], owner: nil)
+        NSPasteboard.general.setString(text, forType: .string)
     }
     
 }

SecretiveTests/SecretiveTests.swift

@@ -1,11 +1,3 @@
-//
-//  SecretiveTests.swift
-//  SecretiveTests
-//
-//  Created by Max Goedjen on 2/18/20.
-//  Copyright © 2020 Max Goedjen. All rights reserved.
-//
-
 import XCTest
 @testable import Secretive