Certain private keys being mangled by wg on FreeBSD

Jason A. Donenfeld Jason at zx2c4.com
Mon Jun 7 12:52:13 UTC 2021

On 6/7/21, Christian McDonald <rcmcdonald91 at gmail.com> wrote:
> One byproduct of this exercise was some code that I whipped
> up that can at least detect a clamped vs unclamped key. This might
> prove useful for informing a user of what is going on and thus
> eliminating this class of erroneous bug report entirely.

I'd recommend *not* introducing users to weird ideas like clamping or
key transformation. While learning new concepts and bit masking in PHP
is undoubtedly fun, those concerns shouldn't be user-facing. There's
nothing wrong or dangerous about unclamped scalars passed to a proper
25519 implementation, because the implementation will clamp on input.
Throwing an "X-vs-unX" distinction to users will just result in
pointless fear mongering nonsense. Instead just communicate the
identity of an interface by its public key, rather than its private
key. If you're not willing to hide or mask private keys (which you
really should), then at least deemphasize them?

More information about the WireGuard mailing list