
User keys master

Open xxxserxxx opened this issue 3 years ago • 3 comments

Replaces #77. This PR is based on the head of master and should merge cleanly without any extra changes. It also handles the CLI parameters in a more viper-ish way. In the bargain, it implements your todo code comment about allowing users to provide a public key.

This PR adds the ability to accept user-supplied private and public keys. The use case for public keys is obvious, but there's also a use case for private keys.

The WireGuard Android client does not allow two WireGuard configurations to be active at the same time. The wg-quick config format also only allows declaring one public key. Therefore, if a user wants to have two subnets active (on a mobile phone), then they have to re-use a private key.

The patch adds two (optional) parameters to Add -- --private-key and --public-key.

  • If either is provided, dsnet will prompt the user to enter the private and/or public key.
  • If only a private key is provided, dsnet will generate the public key from the supplied private key
  • If only a public key is provided, dsnet will use an empty private key. This will result in a private key of AAAAA...AAAAA=, which the user will have to replace with their private key before using.
  • If both keys are provided, dsnet will use them both. It will also validate that the public and private key pairs match, by re-generating the public key.

I can't think of a reason why a user would provide both keys, but rather than disallow it, I have the code test the keys.

Example:

phaethusa ~ % sudo ./dsnet add -r mynode
private key: RGlkIHlvdSB0aGluayBJIHdvdWxkIHBvc3QgYSBrZXk=
owner: Me
Description: My Phone

Do you want to add the above configuration? [y/n] y

[Interface]
Address=10.79.56.6/22
PrivateKey=RGlkIHlvdSB0aGluayBJIHdvdWxkIHBvc3QgYSBrZXk=

[Peer]
PublicKey=U3RvcCB0cnlpbmchIFRoaXMgaXMgY2Vuc29yZWRlZGQ=
PresharedKey=VGhpcyBpcyBhIHNpbGx5IGJpdCBvZiB0ZXh0LiAwMTI=
Endpoint=my.server.net:51820
PersistentKeepalive=0
AllowedIPs=10.79.56.0/22

This feature is backwards compatible; if neither argument is provided, dsnet generates the keys itself.

xxxserxxx, Aug 12 '22 19:08

Thanks @xxxserxxx -- seems like a worthwhile change. I will put it through soon. @botto please take a look, too.

Sorry for the late reply, I've been swamped!

naggie, Sep 13 '22 20:09

Rebased from origin/master for a clean merge.

xxxserxxx, Nov 04 '22 14:11

Note if you try to merge both of my PRs, there'll be conflicts. If you merge one, I'll rebase and update the other to make it merge cleanly.

xxxserxxx, Nov 04 '22 14:11