Support FIDO2/CTAP2 security tokens as keystore
Reto
reto at labrat.space
Sun Aug 18 19:09:28 CEST 2019
On Sun, Aug 18, 2019 at 04:22:49PM +0200, Rene 'Renne' Bartsch, B.Sc. Informatics wrote:
> currently the private key ist stored on HDD which is quite insecure.
What are you referring to?
Why do you consider a HDD insecure?
For starters, storing stuff on a hard disc is certainly not "quite insecure".
Are you aware that you can encrypt discs / partions / files?
Wireguard also allows you to set the private key on the fly, so you can feed it
for example secrets stored in pass (gpg encrypted), which you *can* decrypt with
a yubikey already.
Are you speaking specifically about wg-quick?
In that case the manpage already shows you how to feed wg encrypted secrets
> Or, perhaps it is desirable to store private keys in encrypted form, such as through
> use of pass(1):
> PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)
Of course pass is only an exapmple, use any way of decrypting the secret as you
see fit.
More information about the WireGuard
mailing list