wireguard-config-generator/README.md
2025-06-20 17:00:06 +02:00

WireGuard Configuration Generator

A web-based tool for generating WireGuard VPN configurations with cryptographically secure key generation. Supports both Hub-and-Spoke and Mesh Network topologies.

TODO

  • QR code generator for configs
  • Download all configs at once
  • Make PresharedKey and other options optional
  • Container
  • Frontend rework (I hate frontend)

🔐 Production-Ready Cryptography

This project uses real cryptographic implementations suitable for production WireGuard deployments, not demonstration code.

Cryptographic Implementation

Libraries Used

  • TweetNaCl.js v1.0.3 - Audited, lightweight cryptographic library
  • Web Crypto API - Browser-native cryptographic operations when available
  • HMAC-SHA256 Fallback - Custom implementation for browsers without Web Crypto API

Cryptographic Flow

  1. Seed Generation/Input

    • Generate cryptographically secure 32-byte seed
    • Or accept user-provided hex seed for reproducibility
  2. Key Derivation

    • Use HKDF to derive keys from seed with unique salts
    • Private keys: HKDF(seed, "WireGuard v1 private key", key_index)
    • Preshared keys: HKDF(seed, "WireGuard v1 preshared key", key_index)
  3. Public Key Generation

    • Apply Curve25519 scalar multiplication: public = private * G
    • Where G is the Curve25519 base point
  4. Key Validation

    • Verify key lengths (32 bytes each)
    • Check private key clamping
    • Confirm public key derivation
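
The four steps above, as an added Node.js example (not the project's own code, which runs in the browser with TweetNaCl.js and Web Crypto). It assumes each label is used as the HKDF salt and `key_index` is a 4-byte big-endian `info` value; the README does not specify that encoding, so the output will not necessarily match the tool's, and all function names are hypothetical.

```javascript
// Added example: Node.js built-ins stand in for TweetNaCl.js / Web Crypto.
const nodeCrypto = require('node:crypto');

// ASSUMPTION: label = HKDF salt, key_index (uint32, big-endian) = HKDF info.
function hkdf32(seed, label, keyIndex) {
  const info = Buffer.alloc(4);
  info.writeUInt32BE(keyIndex);
  return Buffer.from(nodeCrypto.hkdfSync('sha256', seed, Buffer.from(label), info, 32));
}

// Curve25519 clamping: clear the low 3 bits, clear bit 255, set bit 254.
function clamp(key) {
  const k = Buffer.from(key); // copy, never mutate the caller's buffer
  k[0] &= 248; k[31] &= 127; k[31] |= 64;
  return k;
}

// Fixed PKCS#8 header for a raw 32-byte X25519 private key (OID 1.3.101.110).
const PKCS8_X25519_PREFIX = Buffer.from('302e020100300506032b656e04220420', 'hex');

// public = private * G; the last 32 bytes of the SPKI export are the raw key.
function publicFromPrivate(priv) {
  const der = Buffer.concat([PKCS8_X25519_PREFIX, priv]);
  const keyObj = nodeCrypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  return nodeCrypto.createPublicKey(keyObj).export({ type: 'spki', format: 'der' }).subarray(-32);
}

// Steps 1-3: validate the hex seed, derive both keys for one peer, compute the public key.
function derivePeer(seedHex, keyIndex) {
  if (!/^[0-9a-fA-F]{64}$/.test(seedHex)) throw new Error('seed must be 32 bytes of hex');
  const seed = Buffer.from(seedHex, 'hex');
  const privateKey = clamp(hkdf32(seed, 'WireGuard v1 private key', keyIndex));
  return {
    privateKey: privateKey.toString('base64'),
    publicKey: publicFromPrivate(privateKey).toString('base64'),
    presharedKey: hkdf32(seed, 'WireGuard v1 preshared key', keyIndex).toString('base64'),
  };
}

// Step 4: returns a list of problems; an empty list means the peer passed.
function validatePeer(peer) {
  const errors = [], raw = {};
  for (const name of ['privateKey', 'publicKey', 'presharedKey']) {
    raw[name] = Buffer.from(peer[name] || '', 'base64');
    if (raw[name].length !== 32) errors.push(`${name}: expected 32 bytes`);
  }
  if (errors.length) return errors;
  if (!raw.privateKey.equals(clamp(raw.privateKey))) errors.push('privateKey: not clamped');
  if (!publicFromPrivate(raw.privateKey).equals(raw.publicKey)) errors.push('publicKey: does not match privateKey');
  return errors;
}
```

Anyone holding the seed can regenerate every private and preshared key, so a user-provided seed needs the same protection as the keys themselves.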

License

WIP