Wireless fingerprint auth
for Mac and Linux.
A tiny wireless key that replaces passwords with your fingerprint. Screen unlock, sudo, SSH — one touch.
Buy immurok
Problem: No biometrics on desktop Mac and Linux.
Millions of developers have no fingerprint option at all.
They just type passwords. Every. Single. Time.
Mac desktop & clamshell MacBooks — Apple's only fix is a $199 keyboard. If you use a mechanical keyboard, you're out of luck.
Linux — fprintd exists, but few hardware to go with it.
What we need — an efficient, simple, elegant, and secure wireless fingerprint authenticator.
How it works
Three steps. Half a second. Zero passwords.
Touch
Place your finger on the capacitive sensor. Matched entirely on-device — biometric data never leaves the hardware.
Verify
Device sends an HMAC-SHA256 signed response over Bluetooth LE. The companion app verifies the signature with a shared key established during ECDH pairing.
Authenticate
The app handles authentication depending on context — PAM module for sudo and lock screen, SSH agent for Git signing and remote login.
Under the hood
PAM integration
Custom PAM module intercepts sudo, lock screen, and system auth prompts. Talks to the companion app via Unix socket — the app triggers fingerprint verification on the device and returns the result.
SSH agent & signing
ECDSA private key generated and stored on device. The companion app acts as an SSH agent — when a signature is requested, it forwards the challenge to the device, which signs after fingerprint confirmation.
Mutual authentication
ECDH P-256 key exchange during pairing establishes a shared secret. Every BLE message is signed with HMAC-SHA256 — the device authenticates to the app, and the app authenticates to the device.
Everything you need
Built for security, performance, and simplicity.
Screen unlock
Lock screen → touch → unlocked. Works with Mac mini, clamshell MacBooks, and Linux.
SSH & Git signing
Push commits signed with your fingerprint. On-device ECDSA private keys.
sudo & PAM
Replace sudo passwords with a fingerprint touch. Full PAM integration for macOS and Linux.
Months of battery
<30µA idle current. USB-C charging. The device sleeps until your finger wakes it.
ECDH + HMAC-SHA256
Secure pairing with P-256 key exchange. Every auth response is cryptographically signed.
Open-source app
macOS app and PAM module are fully open source. Audit it yourself.
Why immurok
The only standalone wireless fingerprint authenticator for Mac and Linux.
| Feature | immurok from TBD |
Magic Keyboard Touch ID · $199 |
USB dongles various |
|---|---|---|---|
| Mac mini / Mac Studio | ✓ | ✓ | ✗ |
| Clamshell mode | ✓ | ✓ | ✗ |
| Linux support | ✓ | ✗ | ✗ |
| Wireless | ✓ BLE | ✓ | ✗ |
| SSH Agent | ✓ | ✗ | ✗ |
| sudo / PAM | ✓ | ✓ macOS only | ✗ |
| Standalone (no keyboard) | ✓ | ✗ | ✓ |
| Open-source app | ✓ | ✗ | ✗ |
| Price | TBD | $199 | N/A |
Security by design
Your biometric data never leaves the device. No cloud. No account. No telemetry.
Private keys never leave the device
Fingerprint templates and crypto keys are stored on the device. Nothing is transmitted or stored on your computer.
No cloud. No account. No telemetry.
Zero network calls. Zero analytics. Works entirely offline via Bluetooth — no internet required.
ECDH pairing + signed firmware
ECDH P-256 key exchange for secure pairing. OTA firmware updates are cryptographically verified.
Open-source app & PAM module
macOS app and PAM module are on GitHub. Audit it yourself or have your security team review it.
Tech specs
Built for engineers, by engineers.
Hardware
| Processor | Custom embedded MCU |
| Connectivity | Bluetooth LE |
| Fingerprint sensor | Capacitive |
| Idle current | <30µA |
| Recognition time | <500ms |
| Battery | LiPo 300mAh (USB-C) |
| Battery life | ~3 months standby |
| Dimensions | 52 × 32 × 12 mm |
| Weight | 38g / 63g |
Software
| macOS App | Swift, macOS 13+ |
| PAM Module | C, open source |
| Firmware | C (bare-metal) |
| Security | ECDH + HMAC-SHA256 |
| Auth methods | Lock · sudo · SSH |
| Templates stored | Up to 10 fingers |
| Compatibility | macOS 13+ / Linux |
| Updates | OTA via macOS app |
| License | MIT (App & PAM) |
Simple, honest pricing
No subscription. No hidden fees. One device, forever.
- ✓ Fully assembled
- ✓ Polycarbonate shell
- ✓ macOS app included
- ✓ 1-year warranty
- ✓ Free firmware updates
- ✓ Everything in Developer
- ✓ CNC aluminum body
- ✓ Premium anodized finish
- ✓ 2-year warranty
- ✓ Priority support
Launching 2026. Join the waitlist to get early access.
For developers
Open-source macOS app and PAM module. Documented BLE API. Build your own integrations.
Menu bar app + PAM integration
PAM module for sudo & login
Full protocol docs for custom clients