[WireGuard] WireGuard key lifetime / keys in smartcard?

Nathaniel W Filardo nwf at cs.jhu.edu
Wed Jul 13 01:14:38 CEST 2016

I am sure this is a completely ignorant question, but: I'd love to have a
wireguard host without direct access to its long-term identity keys to raise
the difficulty of silently spoofing/cloning a tunnel endpoint after host
compromise.  I can see two possible ways forward, though I'm sure there are

1. Long-lived identity keys giving rise to shorter-lived keys.  Wireguard
   would, as part of the handshake, include the signature that attested the
   short-term key as a legitimate product of the long-term key.

2. Long-lived keys not in host memory (e.g. in a smartcard).  I don't know
   if the kernel has an existing mechanism for upcalling to userland to
   request a cryptographic transform, but it seems like a plausible thing to
   want.  (I'm aware of the request-key mechanism, but that doesn't seem
   like what'd be wanted here.)  Handshakes would be slow (limited by crypto
   processor and upcall overhead) but otherwise the WireGuard protocol would
   not change.

Thanks for a lovely piece of technology!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20160712/1bf07a57/attachment.asc>

More information about the WireGuard mailing list