On 16.05.2018 14:53, reiner otto wrote:
> Actually, in wg0.conf the private key is defined in clear text. Which allows
> dump of physical disk to grab it
> and to fake this client.

So? If you have physical access to the peer's (unencrypted) disk you can do anything. Security is over.

> Wouldn't it be safer, to cipher the private key somehow?

Where would you store the key for that?
If you need that kind of safety, encrypt the whole disk. Securing the private key doesn't help if you can simply subvert the binary that decrypts it.

--
-- Matthias Urlichs

_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
