How to verify a wireguard public key?

Nico Schottelius nico.schottelius at
Sat Dec 26 09:09:56 CET 2020

Matthias Urlichs <matthias at> writes:

> On 25.12.20 00:42, Adam Stiles wrote:
>> "How do I validate Curve25519 public keys?"
> You send a handshake packet to the owner of the corresponding private
> key and observe whether it accepted it.
> The question is, why do you think you need a different/additional way
> of verifying the public key?

That answer is easy: if you add an incorrect key to your wgX.conf, wg
setconf will complain and not apply it. And if you are providing
automated VPNs... well, then this is something you do want to prevent.



Modern, affordable, Swiss Virtual Machines. Visit

More information about the WireGuard mailing list