On Sun, Aug 18, 2019 at 04:22:49PM +0200, Rene 'Renne' Bartsch, B.Sc. Informatics wrote:
> currently the private key is stored on HDD which is quite insecure.

What are you referring to? Why do you consider a HDD insecure?

For starters, storing stuff on a hard disc is certainly not "quite insecure". Are you aware that you can encrypt discs / partitions / files?

WireGuard also allows you to set the private key on the fly, so you can feed it for example secrets stored in pass (gpg encrypted), which you *can* decrypt with a yubikey already.

Are you speaking specifically about wg-quick? In that case the manpage already shows you how to feed wg encrypted secrets:

> Or, perhaps it is desirable to store private keys in encrypted form, such as
> through use of pass(1):
>
>     PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)

Of course pass is only an example, use any way of decrypting the secret as you see fit.
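
Added example, not part of the original message or of the WireGuard project: a small shell audit that reports, per wg-quick config, whether the private key sits in the file as a `PrivateKey =` line or is fed in by a `PostUp` hook as in the manpage excerpt above, and whether the file is readable beyond its owner. The function names, the temporary sample configs and the placeholder key value are assumptions constructed for the illustration.

```sh
#!/bin/sh
# Added example: report how each wg-quick config obtains its private key.
# Sample configs are constructed; the key value is a placeholder.

# Prints "inline", "external" or "none" for one config file.
key_source() {
    # An uncommented PrivateKey line means the key is stored in the file itself.
    if grep -Eiq '^[[:space:]]*PrivateKey[[:space:]]*=' "$1"; then
        echo inline
    # The manpage pattern: a PostUp hook running "wg set <iface> private-key ...".
    elif grep -Eiq '^[[:space:]]*PostUp[[:space:]]*=.*wg[[:space:]]+set[[:space:]]+[^[:space:]]+[[:space:]]+private-key' "$1"; then
        echo external
    else
        echo none
    fi
}

# Prints "private" if group and others have no permission bits, else "open".
perm_state() {
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) echo private ;;
        *)      echo open ;;
    esac
}

# Builds two constructed configs in a temp dir and prints one line per file.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' '[Interface]' 'Address = 10.0.0.2/32' \
        'PrivateKey = PLACEHOLDER_BASE64_KEY=' > "$dir/wg0.conf"
    printf '%s\n' '[Interface]' 'Address = 10.0.0.3/32' \
        'PostUp = wg set %i private-key <(pass WireGuard/private-keys/%i)' \
        > "$dir/wg1.conf"
    chmod 644 "$dir/wg0.conf"
    chmod 600 "$dir/wg1.conf"
    for f in "$dir"/*.conf; do
        printf '%s key=%s perms=%s\n' "${f##*/}" "$(key_source "$f")" "$(perm_state "$f")"
    done
    rm -rf "$dir"
}

demo
```

A result of `inline` together with `open` is the combination worth fixing first; `external` only confirms that a hook sets the key, not how well the backing secret store is protected.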
