User keys master #79

Open
wants to merge 7 commits into
base: master

xxxserxxx
Contributor

Replaces #77. This PR is based on the head of master and should merge cleanly without any extra changes. It also handles the CLI parameters in a more viper-ish way. In the bargain, it implements your todo code comment about allowing users to provide a public key.

This PR adds the ability to accept user-supplied private and public keys. The use case for public keys is obvious, but there's also a use case for private keys.

The WireGuard Android client does not allow two WireGuard configurations to be active at the same time. The wg-quick config format also only allows declaring one public key. Therefore, if a user wants to have two subnets active (on a mobile phone), then they have to re-use a private key.

The patch adds two (optional) parameters to Add -- --private-key and --public-key.

  • If either is provided, dsnet will prompt the user to enter the private and/or public key
  • If only a private key is provided, dsnet will generate the public key from the supplied private key
  • If only a public key is provided, dsnet will use an empty private key. This will result in a private key of AAAAA...AAAAA=, which the user will have to replace with their private key before using.
  • If both keys are provided, dsnet will use them both. It will also validate that the public and private key pairs match, by re-generating the public key.

I can't think of a reason why a user would provide both keys, but rather than disallow it, I have the code test the keys.

Example:

phaethusa ~ % sudo ./dsnet add -r mynode
private key: RGlkIHlvdSB0aGluayBJIHdvdWxkIHBvc3QgYSBrZXk=
owner: Me
Description: My Phone

Do you want to add the above configuration? [y/n] y

[Interface]
Address=10.79.56.6/22
PrivateKey=RGlkIHlvdSB0aGluayBJIHdvdWxkIHBvc3QgYSBrZXk=

[Peer]
PublicKey=U3RvcCB0cnlpbmchIFRoaXMgaXMgY2Vuc29yZWRlZGQ=
PresharedKey=VGhpcyBpcyBhIHNpbGx5IGJpdCBvZiB0ZXh0LiAwMTI=
Endpoint=my.server.net:51820
PersistentKeepalive=0
AllowedIPs=10.79.56.0/22

This feature is backwards compatible; if neither argument is provided, dsnet generates the keys itself.

@naggie
Owner

naggie commented Sep 13, 2022

Thanks @xxxserxxx -- seems like a worthwhile change. I will put it through soon. @botto please take a look, too.

Sorry for the late reply, I've been swamped!

@xxxserxxx
Contributor Author

Rebased from origin/master for a clean merge.

@xxxserxxx
Contributor Author

Note if you try to merge both of my PRs, there'll be conflicts. If you merge one, I'll rebase and update the other to make it merge cleanly.
