[WireGuard] WireGuard key lifetime / keys in smartcard?
Nathaniel W Filardo
nwf at cs.jhu.edu
Wed Jul 13 01:14:38 CEST 2016
I am sure this is a completely ignorant question, but: I'd love to have a
wireguard host without direct access to its long-term identity keys to raise
the difficulty of silently spoofing/cloning a tunnel endpoint after host
compromise. I can see two possible ways forward, though I'm sure there are
1. Long-lived identity keys giving rise to shorter-lived keys. Wireguard
would, as part of the handshake, include the signature that attested the
short-term key as a legitimate product of the long-term key.
2. Long-lived keys not in host memory (e.g. in a smartcard). I don't know
if the kernel has an existing mechanism for upcalling to userland to
request a cryptographic transform, but it seems like a plausible thing to
want. (I'm aware of the request-key mechanism, but that doesn't seem
like what'd be wanted here.) Handshakes would be slow (limited by crypto
processor and upcall overhead) but otherwise the WireGuard protocol would
Thanks for a lovely piece of technology!
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 181 bytes
Desc: not available
More information about the WireGuard