Support FIDO2/CTAP2 security tokens as keystore

Andreas Karlsson andreas at
Mon Aug 26 16:34:25 CEST 2019

On 8/25/19 9:30 PM, Derrick Lyndon Pallas wrote:
> The private key is in kernel memory and is available via netlink and cli.

Obviously, but my assumption was that the reason Rene wanted FIDO 
support was to move the private key out from the kernel memory and into 
an external device. Otherwise there would not be any real benefit from 
using FIDO.

Personally I doubt the benefit you get from moving the private key out 
to an external device would be worth to effort, but then I have no 
interest in FIDO support myself.


More information about the WireGuard mailing list