[WireGuard] WireGuard key lifetime / keys in smartcard?
Nathaniel W Filardo
nwf at cs.jhu.edu
Wed Jul 13 01:14:38 CEST 2016
I am sure this is a completely ignorant question, but: I'd love to have a
wireguard host without direct access to its long-term identity keys to raise
the difficulty of silently spoofing/cloning a tunnel endpoint after host
compromise. I can see two possible ways forward, though I'm sure there are
others!
1. Long-lived identity keys giving rise to shorter-lived keys. Wireguard
would, as part of the handshake, include the signature that attested the
short-term key as a legitimate product of the long-term key.
2. Long-lived keys not in host memory (e.g. in a smartcard). I don't know
if the kernel has an existing mechanism for upcalling to userland to
request a cryptographic transform, but it seems like a plausible thing to
want. (I'm aware of the request-key mechanism, but that doesn't seem
like what'd be wanted here.) Handshakes would be slow (limited by crypto
processor and upcall overhead) but otherwise the WireGuard protocol would
not change.
Thanks for a lovely piece of technology!
--nwf;
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 181 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20160712/1bf07a57/attachment.asc>
More information about the WireGuard
mailing list