Support FIDO2/CTAP2 security tokens as keystore

Matthias Urlichs matthias at
Sat Aug 24 16:08:59 CEST 2019

On 22.08.19 10:54, Rene 'Renne' Bartsch, B.Sc. Informatics wrote:
> Anyone with access to the running machine or malicious software can
> read the keys on hard-disk. 

Anyone with *root* access to the running machine can do that. They also
can trivially read the kernel memory (if nothing else, by installing a
module) and walk the kernel data structures to find the private and/or
shared key.

IMHO: if your threat model includes randomly subverted systems in your
network, you have problems that wireguard cannot fix.

-- Matthias Urlichs

More information about the WireGuard mailing list