Hello together, > In the absence of that, it would be nice if the private key which is > stored on the laptop were encrypted with a passphrase. Simplest option > may be to extend wg-quick so that the entire config file can be > pgp-encrypted.
one can already do that via the wg-quick PostUp hook, check out the Arch Linux wiki: https://wiki.archlinux.org/index.php/ WireGuard#Store_private_keys_in_encrypted_form The example is using pass, switching it for direct GPG (or keepassxc or anything, really) should be easily possible. Considering that possibility, I don't think adding GnuPG directly into Wireguard would be a good idea. It would just add complexity for little to no benefit. Greetings, NIcolas Lenz _______________________________________________ WireGuard mailing list WireGuard@lists.zx2c4.com https://lists.zx2c4.com/mailman/listinfo/wireguard