User keys master - Githubissues

xxxserxxx commented 2 years ago

Replaces #77. This PR is based on the head of master and should merge cleanly without any extra changes. It also handles the CLI parameters in a more viper-ish way. In the bargain, it implements your todo code comment about allowing users to provide a public key.

This PR adds the ability to accept user-supplied private and public keys. The use case for public keys is obvious, but there's also a use case for private keys.

The WireGuard Android client does not allow two WireGuard configurations to be active at the same time. The wg-quick config format also only allows declaring one public key. Therefore, if a user wants to have two subnets active (on a mobile phone), then they have to re-use a private key.

The patch adds two (optional) parameters to Add -- --private-key and --public-key.

If either is provided, dsnet will prompt the user to enter the private and/or public key
If only a private key is provided, dsnet will generate the public key from the supplied private key
If only a public key is provided, dsnet will use an empty private key. This will result in a private key of AAAAA...AAAAA=, which the user will have to replace with their private key before using.
If both keys are provided, dsnet will use them both. It will also validate that the public and private key pairs match, by re-generating the public key.

I can't think of a reason why a user would provide both keys, but rather than disallow it, I have the code test the keys.

Example:

phaethusa ~ % sudo ./dsnet add -r mynode
private key: RGlkIHlvdSB0aGluayBJIHdvdWxkIHBvc3QgYSBrZXk=
owner: Me
Description: My Phone

Do you want to add the above configuration? [y/n] y

[Interface]
Address=10.79.56.6/22
PrivateKey=RGlkIHlvdSB0aGluayBJIHdvdWxkIHBvc3QgYSBrZXk=

[Peer]
PublicKey=U3RvcCB0cnlpbmchIFRoaXMgaXMgY2Vuc29yZWRlZGQ=
PresharedKey=VGhpcyBpcyBhIHNpbGx5IGJpdCBvZiB0ZXh0LiAwMTI=
Endpoint=my.server.net:51820
PersistentKeepalive=0
AllowedIPs=10.79.56.0/22

This feature is backwards compatible; if neither argument is provided, dsnet generates the keys itself.

naggie commented 2 years ago

Thanks @xxxserxxx -- seems like a worthwhile change. I will put it through soon. @botto please take a look, too.

Sorry for the late reply, I've been swamped!

xxxserxxx commented 1 year ago

Rebased from origin/master for a clean merge.

xxxserxxx commented 1 year ago

Note if you try to merge both of my PRs, there'll be conflicts. If you merge one, I'll rebase and update the other to make it merge cleanly.

naggie commented 1 month ago

Thanks @xxxserxxx . Sorry it took so long to merge (years!) I kind of got burnt out on dsnet.

xxxserxxx commented 1 month ago

No problem. I frequently suffer from the same issue. It's especially hard when you maintain several different projects.

dsnet has been a big help, though. It's not as if configuring Wireguard subnets is difficult, but dsnet has nevertheless been a big help to me. I change the subnet infrequently enough that I have to re-learn how to do it every time, but often enough that it's a PITA; dsnet relieves this.

naggie commented 1 month ago

Glad to hear it helps! :-)

naggie / dsnet

User keys master #79