Support FIDO2/CTAP2 security tokens as keystore
Andreas Karlsson
andreas at proxel.se
Mon Aug 26 16:34:25 CEST 2019
On 8/25/19 9:30 PM, Derrick Lyndon Pallas wrote:
> The private key is in kernel memory and is available via netlink and cli.
Obviously, but my assumption was that the reason Rene wanted FIDO
support was to move the private key out from the kernel memory and into
an external device. Otherwise there would not be any real benefit from
using FIDO.
Personally I doubt the benefit you get from moving the private key out
to an external device would be worth to effort, but then I have no
interest in FIDO support myself.
Andreas
More information about the WireGuard
mailing list