[WireGuard] WireGuard key lifetime / keys in smartcard?
Jason A. Donenfeld
Jason at zx2c4.com
Fri Jul 15 14:12:13 CEST 2016
Thanks for the pointer.
Gniibe -- pleased to meet you. What's programming these things like?
How much effort do you suppose it would take me to produce a very
stripped-down firmware for one of these that has these simple USB
- load key from host input
- multiply loaded key by host input
- erase key
What's the X25519 implementation in general like? Any architecture
specific tricks required to avoid sidechannel attacks and such?
On Wed, Jul 13, 2016 at 11:01 AM, Daniel Kahn Gillmor
<dkg at fifthhorseman.net> wrote:
> On Wed 2016-07-13 10:21:43 +0200, Jason A. Donenfeld wrote:
>> The kernel's crypto API has all sorts of async methods of getting
>> things done, and I'm pretty sure this was built with smartcards and
>> HSMs in mind. In our case, we wouldn't be asking for a signature but
>> rather an X25519 multiplication from the device. I assume there's some
>> ugly code out there for javacard, but I'm not sure if there's any real
>> HSM for 25519. Something to look into... Using hardware to prevent key
>> heists strikes me as generally the most robust solution.
> it's not labeled officially an "HSM", but Gnuk is a USB hardware token
> capable of X25519 and guarded storage of secret key material:
> It has an open hardware design (the small FST-01 ) and also targets
> the low-cost Olimex STM32-H103 . It has a fully-free software stack
> for those who might want to hack it to be more wireguard-friendly.
> Access to the gnuk is usually routed through GnuPG, but it's clearly not
> limited to that.
> The author, Gniibe (cc'ed here), is helpful and responsive. I'm sure if
> anyone tried to get the gnuk working with wireguard he would be happy to
> give pointers.
>  http://www.seeedstudio.com/wiki/FST-01
>  https://www.olimex.com/Products/ARM/ST/STM32-H103/
More information about the WireGuard