Reflections on WireGuard Design Goals

Eisfunke nicolas at
Fri Aug 10 16:42:15 CEST 2018

Hello together,

> In the absence of that, it would be nice if the private key which is
> stored on the laptop were encrypted with a passphrase.  Simplest option
> may be to extend wg-quick so that the entire config file can be
> pgp-encrypted.

one can already do that via the wg-quick PostUp hook, check out the Arch Linux 

The example is using pass, switching it for direct GPG (or keepassxc or 
anything, really) should be easily possible.

Considering that possibility, I don't think adding GnuPG directly into 
Wireguard would be a good idea. It would just add complexity for little to no 

NIcolas Lenz

More information about the WireGuard mailing list