# WireGuard Configuration Generator

A web-based tool for generating WireGuard VPN configurations with cryptographically secure key generation. Supports both **Hub-and-Spoke** and **Mesh Network** topologies.

## TODO

- QR Code generator for config
- Download all configs at once
- Make `PresharedKey` and other options optional
- Container
- Frontend rework (I hate frontend)

## 🔐 Production-Ready Cryptography

This project uses **real cryptographic implementations** suitable for production WireGuard deployments, not demonstration code.

### Cryptographic Implementation

#### Libraries Used

- **[TweetNaCl.js v1.0.3](https://tweetnacl.js.org/)** - Audited, lightweight cryptographic library
- **Web Crypto API** - Browser-native cryptographic operations when available
- **HMAC-SHA256 Fallback** - Custom implementation for browsers without Web Crypto API

#### Cryptographic Flow

1. **Seed Generation/Input**
   - Generate a cryptographically secure 32-byte seed
   - Or accept a user-provided hex seed for reproducibility
   - The seed is the root secret: every private and preshared key can be re-derived from it, so it needs the same protection as the keys themselves

2. **Key Derivation**
   - Use HKDF to derive each key from the seed, with a unique salt per key
   - Private keys: `HKDF(seed, "WireGuard v1 private key", key_index)`
   - Preshared keys: `HKDF(seed, "WireGuard v1 preshared key", key_index)`

3. **Public Key Generation**
   - Apply Curve25519 scalar multiplication: `public = private * G`
   - Where G is the Curve25519 base point

4. **Key Validation**
   - Verify key lengths (32 bytes each)
   - Check private key clamping
   - Confirm public key derivation
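
The four steps above as one runnable sketch, added here as an example and not taken from the project's source. It assumes Node's built-in `crypto` module in place of TweetNaCl.js and Web Crypto, the label as HKDF salt with a 4-byte big-endian `key_index` as HKDF info, and hypothetical function names (`parseSeed`, `derive`, `clamp`, `isClamped`, `publicFromPrivate`, `derivePeer`).

```javascript
// Added example, not the project's code. Assumptions: Node's built-in crypto stands in
// for TweetNaCl.js / Web Crypto; HKDF salt = label, HKDF info = 4-byte big-endian index.
const nodeCrypto = require('node:crypto');

// DER header that wraps a raw 32-byte X25519 private key as PKCS#8 (RFC 8410).
const PKCS8_X25519_PREFIX = Buffer.from('302e020100300506032b656e04220420', 'hex');

// Step 1: generate a 32-byte seed, or accept one as exactly 64 hex characters.
function parseSeed(hex) {
  if (hex === undefined) return nodeCrypto.randomBytes(32);
  if (!/^[0-9a-fA-F]{64}$/.test(hex)) throw new Error('seed must be 64 hex characters');
  return Buffer.from(hex, 'hex');
}

// Step 2: HKDF-SHA256 over the seed; label and index keep the outputs independent.
function derive(seed, label, index) {
  const info = Buffer.alloc(4);
  info.writeUInt32BE(index);
  return Buffer.from(nodeCrypto.hkdfSync('sha256', seed, Buffer.from(label), info, 32));
}

// Curve25519 clamping, as `wg genkey` applies to private keys. Works on a copy.
function clamp(key) {
  const k = Buffer.from(key);
  k[0] &= 248; k[31] &= 127; k[31] |= 64;
  return k;
}
const isClamped = (k) => (k[0] & 7) === 0 && (k[31] & 0x80) === 0 && (k[31] & 0x40) !== 0;

// Step 3: public = private * G, computed by OpenSSL through Node's key objects.
function publicFromPrivate(priv) {
  const der = Buffer.concat([PKCS8_X25519_PREFIX, priv]);
  const keyObj = nodeCrypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  return nodeCrypto.createPublicKey(keyObj).export({ format: 'der', type: 'spki' }).subarray(-32);
}

// Steps 1-4 for one peer; returns base64 values as they appear in a WireGuard config.
function derivePeer(seedHex, index) {
  const seed = parseSeed(seedHex);
  const privateKey = clamp(derive(seed, 'WireGuard v1 private key', index));
  const presharedKey = derive(seed, 'WireGuard v1 preshared key', index);
  const publicKey = publicFromPrivate(privateKey);
  // Step 4: reject anything that is not 32 bytes, and any unclamped private key.
  if ([privateKey, presharedKey, publicKey].some((k) => k.length !== 32)) throw new Error('key is not 32 bytes');
  if (!isClamped(privateKey)) throw new Error('private key is not clamped');
  const b64 = (k) => k.toString('base64');
  return { PrivateKey: b64(privateKey), PublicKey: b64(publicKey), PresharedKey: b64(presharedKey) };
}

console.log(derivePeer('00'.repeat(32), 0)); // constructed all-zero seed, demonstration only
```

In a browser the same steps map to `crypto.getRandomValues`, HKDF through `crypto.subtle.deriveBits`, and `nacl.scalarMult.base` from TweetNaCl.js.
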

## License

WIP