[WireGuard] WireGuard key lifetime / keys in smartcard?

Daniel Kahn Gillmor dkg at fifthhorseman.net
Wed Jul 13 11:01:14 CEST 2016

On Wed 2016-07-13 10:21:43 +0200, Jason A. Donenfeld wrote:
> The kernel's crypto API has all sorts of async methods of getting
> things done, and I'm pretty sure this was built with smartcards and
> HSMs in mind. In our case, we wouldn't be asking for a signature but
> rather an X25519 multiplication from the device. I assume there's some
> ugly code out there for javacard, but I'm not sure if there's any real
> HSM for 25519. Something to look into... Using hardware to prevent key
> heists strikes me as generally the most robust solution.

it's not labeled officially an "HSM", but Gnuk is a USB hardware token
capable of X25519 and guarded storage of secret key material:


It has an open hardware design (the small FST-01 [0]) and also targets
the low-cost Olimex STM32-H103 [1].  It has a fully-free software stack
for those who might want to hack it to be more wireguard-friendly.

Access to the gnuk is usually routed through GnuPG, but it's clearly not
limited to that.

The author, Gniibe (cc'ed here), is helpful and responsive.  I'm sure if
anyone tried to get the gnuk working with wireguard he would be happy to
give pointers.


[0] http://www.seeedstudio.com/wiki/FST-01

[1] https://www.olimex.com/Products/ARM/ST/STM32-H103/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 948 bytes
Desc: not available
URL: <http://lists.zx2c4.com/pipermail/wireguard/attachments/20160713/525d1138/attachment-0001.asc>

More information about the WireGuard mailing list