On Thu, Aug 22, 2019 at 10:54:56AM +0200, Rene 'Renne' Bartsch, B.Sc. Informatics wrote:
> Anyone with access to the running machine or malicious software can read the
> keys on hard-disk.

No. That depends entirely on how you set it up. Permissions are a thing and you don't need to constantly keep the corresponding storage unlocked either.

> How do you de-crypt the encrypted disk on a headless machine which has to
> reboot autonomously on error conditions?

How do you do that with a security token? It's the same issue really. Either allow ssh access without the tunnel or use a serial connection or virtualization thereof to unlock the secret and bring up the vpn.

> The point of security-tokens is you never get access to the private key.

Yes, my point is wg already allows you to do that, so what more do you need?

_______________________________________________
WireGuard mailing list
[email protected]
https://lists.zx2c4.com/mailman/listinfo/wireguard
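Added example, not from the thread or the WireGuard project: a small shell audit for the "permissions are a thing" point above, checking that an on-disk WireGuard private key (or a config that embeds one) is owned by the expected user and carries no group/other permission bits. It assumes GNU coreutils `stat` (Linux); the file names and key contents in the demo are constructed.

```shell
#!/bin/sh
# wg_key_perms_ok FILE [OWNER]
# Returns 0 when FILE exists, is owned by OWNER (default: root) and has
# mode 0600/0400-style permissions (no group/other bits), 1 otherwise.
# Assumes GNU `stat -c`; not part of the original thread.
wg_key_perms_ok() {
    f="$1"
    want_owner="${2:-root}"
    [ -f "$f" ] || return 1
    mode=$(stat -c '%a' "$f") || return 1
    owner=$(stat -c '%U' "$f") || return 1
    # Keep only the last three octal digits so a leading setuid/sticky
    # digit (e.g. "1600") does not confuse the comparison.
    mode=$(printf '%s' "$mode" | sed 's/^.*\(...\)$/\1/')
    group_other=$(printf '%s' "$mode" | cut -c2-3)
    [ "$owner" = "$want_owner" ] && [ "$group_other" = "00" ]
}

# Report on every file given; exit status is the number of weak files.
wg_key_audit() {
    bad=0
    for f in "$@"; do
        if wg_key_perms_ok "$f" "$AUDIT_OWNER"; then
            printf 'OK    %s\n' "$f"
        else
            printf 'WEAK  %s (readable by other local users, wrong owner, or missing)\n' "$f"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed demonstration: the weak setting (0644) beside the corrected one (0600).
# The demo uses the current user as the expected owner so it runs unprivileged.
demo() {
    tmp=$(mktemp -d) || return 1
    printf 'CONSTRUCTED-NOT-A-REAL-KEY\n' > "$tmp/weak.key" && chmod 644 "$tmp/weak.key"
    printf 'CONSTRUCTED-NOT-A-REAL-KEY\n' > "$tmp/good.key" && chmod 600 "$tmp/good.key"
    AUDIT_OWNER=$(id -un) wg_key_audit "$tmp/weak.key" "$tmp/good.key"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo
```

Keeping the key in its own 0600 file and loading it with `wg set <iface> private-key <file>` lets the rest of the interface configuration stay readable without exposing the secret.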
