Support FIDO2/CTAP2 security tokens as keystore

Phil Hofer phil at
Fri Aug 30 20:00:58 CEST 2019

>     If my understanding is correct, the bare minimum functionality is:

> -   store key non-extractably on device (unless you're Colin O'Flynn...)
>     (if there is an issue, just rotate the key)

> -   periodically do Curve25519 Diffie-Hellman to generate sessions keys
>     (that are revealed to the client, possibly with some sort of
>     transport layer security)

Are there HSMs out there that performs ECDHE fast enough
to make this reasonably DoS-proof?

The last HSM I worked with was a ("cheap," $650) YubiHSM that still
took a pretty long time (~250ms) to do ECDHE. Fine for cert
management, but no good for pointing at the internet.

An alternative that would tolerate slow HSMs would be to
periodically rotate the Wireguard host key with an attestation
from the HSM, but then you'd need an out-of-band key distribution

- Phil
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 477 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the WireGuard mailing list