[WireGuard] WireGuard key lifetime / keys in smartcard?

Jason A. Donenfeld Jason at zx2c4.com
Fri Jul 15 14:12:13 CEST 2016

Hey Daniel,

Thanks for the pointer.

Gniibe -- pleased to meet you. What's programming these things like?
How much effort do you suppose it would take me to produce a very
stripped-down firmware for one of these that has these simple USB

- load key from host input
- multiply loaded key by host input
- erase key

What's the X25519 implementation in general like? Any architecture
specific tricks required to avoid sidechannel attacks and such?


On Wed, Jul 13, 2016 at 11:01 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On Wed 2016-07-13 10:21:43 +0200, Jason A. Donenfeld wrote:
>> The kernel's crypto API has all sorts of async methods of getting
>> things done, and I'm pretty sure this was built with smartcards and
>> HSMs in mind. In our case, we wouldn't be asking for a signature but
>> rather an X25519 multiplication from the device. I assume there's some
>> ugly code out there for javacard, but I'm not sure if there's any real
>> HSM for 25519. Something to look into... Using hardware to prevent key
>> heists strikes me as generally the most robust solution.
> it's not labeled officially an "HSM", but Gnuk is a USB hardware token
> capable of X25519 and guarded storage of secret key material:
>   http://www.fsij.org/doc-gnuk/
>   https://anonscm.debian.org/git/gnuk/gnuk/gnuk.git/tree/README
>   https://lists.alioth.debian.org/mailman/listinfo/gnuk-users
> It has an open hardware design (the small FST-01 [0]) and also targets
> the low-cost Olimex STM32-H103 [1].  It has a fully-free software stack
> for those who might want to hack it to be more wireguard-friendly.
> Access to the gnuk is usually routed through GnuPG, but it's clearly not
> limited to that.
> The author, Gniibe (cc'ed here), is helpful and responsive.  I'm sure if
> anyone tried to get the gnuk working with wireguard he would be happy to
> give pointers.
>     --dkg
> [0] http://www.seeedstudio.com/wiki/FST-01
>     https://shop.fsf.org/storage-devices/neug-usb-true-random-number-generator
>     https://www.seeedstudio.com/item_detail.html?p_id=1277
>     https://www.seeedstudio.com/item_detail.html?p_id=1276
> [1] https://www.olimex.com/Products/ARM/ST/STM32-H103/

More information about the WireGuard mailing list