Hi everyone, Some people have been asking me about delivering configurations to users in the web browser. I usually try to keep sensitive crypto out of the browser, and I don't really approve of JavaScript crypto, but it struck me that in the absence of something better, commercial providers might be tempted to generate private keys server side using random(3) and send them to their poor users.
To preempt this mistake, I made this example code: https://git.zx2c4.com/WireGuard/tree/contrib/examples/keygen-html It generates a private key in the browser, makes a request to the server with the corresponding public key, and then creates a downloadable configuration file for the user. It's extremely simple. It's certainly better than generating keys server side, though it does come with these caveats: - Curve25519, for deriving the public key, is compiled using emscripten. Who knows what kind of code this actually generates, or what all those optimization options wind up doing. - explicit_bzero(3) isn't really a thing in JavaScript. - You have to trust window.crypto.getRandomValues(). If you don't, you could always hash together one block each of output from window.crypto.getRandomValues() and some /dev/urandom data delivered by the server. Or do that hilarious thing where you're asked to shake your mouse around inside a box to "make some randomness", but please don't actually do this; the 90s called and wants its DHTML snow flake mouse trails back. - JavaScript crypto is a pretty dubious proposition. On the plus side, one could imagine some pretty easy-to-use interfaces. Buttons like: [Download .zip of configurations for all locations] [Download .conf of us1] [Download .conf of nl1] [Download .conf of se1] So, it's there now. Do with it what you will. Regards, Jason _______________________________________________ WireGuard mailing list [email protected] https://lists.zx2c4.com/mailman/listinfo/wireguard
