init

README.md

@@ -0,0 +1,46 @@
+# WireGuard Configuration Generator
+
+A web-based tool for generating WireGuard VPN configurations with cryptographically secure key generation. Supports both **Hub-and-Spoke** and **Mesh Network** topologies.
+
+## TODO
+
+- QR Code generator for config
+- Download all config at once
+- Make `PresharedKey` and other options optional
+- Container
+- frontend rework (I hate frontend)
+
+## 🔐 Production-Ready Cryptography
+
+This project uses **real cryptographic implementations** suitable for production WireGuard deployments, not demonstration code.
+
+### Cryptographic Implementation
+
+#### **Libraries Used**
+- **[TweetNaCl.js v1.0.3](https://tweetnacl.js.org/)** - Audited, lightweight cryptographic library
+- **Web Crypto API** - Browser-native cryptographic operations when available
+- **HMAC-SHA256 Fallback** - Custom implementation for browsers without Web Crypto API
+
+#### Cryptographic Flow
+
+1. **Seed Generation/Input**
+   - Generate cryptographically secure 32-byte seed
+   - Or accept user-provided hex seed for reproducibility
+
+2. **Key Derivation**
+   - Use HKDF to derive keys from seed with unique salts
+   - Private keys: `HKDF(seed, "WireGuard v1 private key", key_index)`
+   - Preshared keys: `HKDF(seed, "WireGuard v1 preshared key", key_index)`
+
+3. **Public Key Generation**
+   - Apply Curve25519 scalar multiplication: `public = private * G`
+   - Where G is the Curve25519 base point
+
+4. **Key Validation**
+   - Verify key lengths (32 bytes each)
+   - Check private key clamping
+   - Confirm public key derivation
+
+# License
+
+WIP