The private key is in kernel memory and is available via netlink and cli.

~Derrick • iPhone

> On Aug 24, 2019, at 12:01 PM, Andreas Karlsson <[email protected]> wrote:
>
>> On 8/24/19 4:08 PM, Matthias Urlichs wrote:
>> Anyone with *root* access to the running machine can do that. They also
>> can trivially read the kernel memory (if nothing else, by installing a
>> module) and walk the kernel data structures to find the private and/or
>> shared key.
>
> No, anyone with root access can only get the shared key used for encrypting
> data, not the actual private key. The private key never leaves the device.
>
> Does this add enough extra security to be worth it? No idea. I haven't worked
> much with systems like this, only a little bit with SSL and SmartCards.
>
> Andreas
> _______________________________________________
> WireGuard mailing list
> [email protected]
> https://lists.zx2c4.com/mailman/listinfo/wireguard
