- Notifications
You must be signed in to change notification settings - Fork5
jcarrano/wg-keygen-notrust
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Browser-based, offline-capable, client-side, trustless
These are content-addressed, so you can trust the content does not change. Thereare two hashes, one with files stored as UnixFS, and another with files storedas raw data:
Gateway links:
- https://flk-ipfs.xyz/ipfs/bafybeiguzvr2ntejejphl2uktl726qkjqzpvoguifn4ymellaqjdlvghbq
- https://ipfs.io/ipfs/bafybeiguzvr2ntejejphl2uktl726qkjqzpvoguifn4ymellaqjdlvghbq
Note that this link is not content-addressed, so here you should trust me.
This is a website that can generate a Wireguard keypair. The useris given two files to download: a wireguard config with his private key (and additional parameters),to load into his VPN software, and a "fragment", which is a[Peer] section that hemust send to the server administrator.
AT NO POINT IS ANY EXTERNAL SERVER CONTACTED. KEYS NEVER LEAVE THE USER'S COMPUTER UNTILTHEY EXPLICITLY SEND THE FRAGMENT TO THE SEVER ADMIN.
Compared to other online key generators out there, this one does not require you totrust me (the author) or the person running the webserver.
- You don't have to trust me because the code is small and clear. You can review andaudit it from the point where I imported Jason Donenfeld's code through allthe additions I made.
- You do not have to trust the webserver not to tamper with the site because itis hosted on IPFS, which iscontent-addressed,so if the address/hash is the same, the content is the same.
Alternatively, you could host the site yourself.
A single-file version with embedded scripts is available under the "single-file"branch, however it does not work on IPFS gateways due the content-securitypolicy.
When setting up a Wireguard VPN server you have two choices:
- Generate the private keys yourself and send them to users, in whichcase the files must be send under a secure (private, authenticated) channel(i.e. NOT email).
- Users can generate a keypair and send the server admin the public key overan authenticated (but not necessarily private) channel, in which case theyneed to have the technical know how to use the command line tools and tobuild a configuration file.
This website allows users to generate their own keys and configuration files withno special knowledge required..
The VPN admin fills in the form fields and clicks "save", which generates a URLwith the parameters saved inside the query string. Upon opening this URL the form willbe pre-filled.
The admin sends the URL to users, which generate the keys and send the "ServerFragment" back to the admin. An email address can optionally be specified,which will enable a "mailto" link to directly mail the fragment back to theadmin.
This code is licensed under the GNU GPLv2, since that was the license of theoriginal JS code. I would like a more permissive license.
About
Wireguard Key Generator, web-based, client-side, trustless