The general idea would be to use ECDH with a secret key backend on a hardware security token/HSM/TPM to generate a PSK which we either use directly or as an input to Rosenpass (see #53).
This PSK would be rotated every handshake using some sort of sequence number (handshake to be designed).
stv0g changed the title from "Support hardware security tokens for preshared key rotation" to "Support hardware security tokens for WireGuard preshared key rotation" on Aug 27, 2022
stv0g changed the title from "Support hardware security tokens for WireGuard preshared key rotation" to "Support hardware security tokens for WireGuard preshared key (PSK) rotation" on Mar 5, 2023
stv0g changed the title from "Support hardware security tokens for WireGuard preshared key (PSK) rotation" to "Support hardware security tokens for preshared key (PSK) rotation" on Mar 5, 2023
Existing work
ssh-agent
gpg-agent
OpenPGP smartcard via PCSCD
Apple Secure Enclave
PKCS11 / OpenSC
TPM 2.0/1.1
Protocol/curve support for ECDH
Footnotes
Via OpenPGP application on ISO Smart Card Operating Systems
https://en.wikipedia.org/wiki/OpenPGP_card
https://pcsclite.apdu.fr/
https://github.com/OpenSC/OpenSC
Apple's Secure Enclave developer docs
Yubico's PKCS/11 module for Yubikeys: https://developers.yubico.com/yubico-piv-tool/YKCS11/
https://en.wikipedia.org/wiki/Curve25519
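An added example, not from the issue or the project's code: one possible way to turn a token-held ECDH key and a per-handshake sequence number into a 32-byte PSK. The `ECDHer` interface, the `example-psk-rotation` label, the choice of X25519 and the HKDF-SHA256 construction are assumptions; a software key stands in for the token, and the handshake that agrees on the sequence number is left undesigned, as in the issue.

```go
package main

import (
	"bytes"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// ECDHer is a hypothetical interface: the private key stays on the token and
// the host only sees the public key and the ECDH result.
type ECDHer interface {
	PublicKey() *ecdh.PublicKey
	ECDH(peer *ecdh.PublicKey) ([]byte, error)
}

// DerivePSK returns a 32-byte PSK for handshake number seq (assumed scheme).
func DerivePSK(local ECDHer, peer *ecdh.PublicKey, seq uint64) ([32]byte, error) {
	var psk [32]byte
	shared, err := local.ECDH(peer) // fails on low-order peer points
	if err != nil {
		return psk, err
	}
	// Salt binds both public keys, sorted so both peers compute the same value.
	a, b := local.PublicKey().Bytes(), peer.Bytes()
	if bytes.Compare(a, b) > 0 {
		a, b = b, a
	}
	ext := hmac.New(sha256.New, append(append([]byte{}, a...), b...)) // HKDF-Extract
	ext.Write(shared)
	// HKDF-Expand, one block: T(1) = HMAC(PRK, info || 0x01), info = label || seq.
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(binary.BigEndian.AppendUint64([]byte("example-psk-rotation"), seq))
	exp.Write([]byte{1})
	copy(psk[:], exp.Sum(nil))
	return psk, nil
}

func main() {
	alice, _ := ecdh.X25519().GenerateKey(rand.Reader) // software stand-in for a token key
	bob, _ := ecdh.X25519().GenerateKey(rand.Reader)
	p1, _ := DerivePSK(alice, bob.PublicKey(), 1)
	p2, _ := DerivePSK(bob, alice.PublicKey(), 1)
	p3, _ := DerivePSK(alice, bob.PublicKey(), 2)
	fmt.Println("peers agree:", p1 == p2, "rotated:", p1 != p3)
}
```

Because both ECDH keys are static, every PSK in the sequence can be recomputed by anyone able to invoke the token's ECDH operation later, so the token's PIN or touch policy is part of what protects the rotated keys.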