From: Reto <reto@labrat.space>
To: wireguard@lists.zx2c4.com
Subject: Re: Support FIDO2/CTAP2 security tokens as keystore
Date: Sun, 18 Aug 2019 19:09:28 +0200 [thread overview]
Message-ID: <20190818170928.ps2fymkisd4giefv@feather.localdomain> (raw)
In-Reply-To: <9ecf3b0f-a73f-52a3-b7b8-3b96a7e67eab@bartschnet.de>
On Sun, Aug 18, 2019 at 04:22:49PM +0200, Rene 'Renne' Bartsch, B.Sc. Informatics wrote:
> currently the private key ist stored on HDD which is quite insecure.
What are you referring to?
Why do you consider a HDD insecure?
For starters, storing stuff on a hard disc is certainly not "quite insecure".
Are you aware that you can encrypt discs / partions / files?
Wireguard also allows you to set the private key on the fly, so you can feed it
for example secrets stored in pass (gpg encrypted), which you *can* decrypt with
a yubikey already.
Are you speaking specifically about wg-quick?
In that case the manpage already shows you how to feed wg encrypted secrets
> Or, perhaps it is desirable to store private keys in encrypted form, such as through
> use of pass(1):
> PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)
Of course pass is only an exapmple, use any way of decrypting the secret as you
see fit.
_______________________________________________
WireGuard mailing list
WireGuard@lists.zx2c4.com
https://lists.zx2c4.com/mailman/listinfo/wireguard
next prev parent reply other threads:[~2019-08-18 17:09 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-08-18 14:22 Support FIDO2/CTAP2 security tokens as keystore Rene 'Renne' Bartsch, B.Sc. Informatics
2019-08-18 17:09 ` Reto [this message]
2019-08-22 8:54 ` Rene 'Renne' Bartsch, B.Sc. Informatics
2019-08-23 6:19 ` Reto
2019-08-24 14:08 ` Matthias Urlichs
2019-08-24 19:01 ` Andreas Karlsson
2019-08-25 19:30 ` Derrick Lyndon Pallas
2019-08-26 14:34 ` Andreas Karlsson
2019-08-30 11:42 Nicolas Stalder
2019-08-30 18:00 ` Phil Hofer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190818170928.ps2fymkisd4giefv@feather.localdomain \
--to=reto@labrat.space \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).