How to verify a wireguard public key?

Nico Schottelius nico.schottelius at
Thu Dec 24 17:00:53 CET 2020

Good morning,

I am currently extending uncloud [0] to support wireguard tunnels and
keys. At the moment it is not entirely clear how to verify that a
certain string is a valid wireguard key.

I first tried checking that it is valid base64, but not all base64
strings are valid wireguard keys.

Then I tried using `echo $key | wg pubkey && echo ok` - which seems to
check the key format, however the intended behaviour here is misused.

Does anyone have a pointer on how to reliably identify wireguard public

Is the wireguard key always 32 bytes when decoded from base64? Tests
with a number of public keys seems to indicate that.

Best regards,



Modern, affordable, Swiss Virtual Machines. Visit

More information about the WireGuard mailing list