From: "Jason A. Donenfeld" <Jason@zx2c4.com>
To: Nico Schottelius <nico.schottelius@ungleich.ch>
Cc: wireguard@lists.zx2c4.com
Subject: Re: How to verify a wireguard public key?
Date: Fri, 25 Dec 2020 00:30:57 +0100 [thread overview]
Message-ID: <X+UkseUOEY1sVDEe@zx2c4.com> (raw)
In-Reply-To: <87k0t75h3e.fsf@ungleich.ch>
It's probably wisest to ignore differences between public keys and
private keys and set aside any structure they might have by virtue of
being related to elliptic curves, and instead just regard them as
32-byte strings encoded in base64. Not 31 bytes or 33 bytes, but exactly
32. This matters, because 32 does not divide evenly by .75, so there's a
padding character and the penultimate character does not include the
whole base64 alphabet. 43 base64 chars can represent up to 258bits,
which is more than 256bits. So, you can either validate this with a
base64 parser and checking that it returns exactly 32 bytes, or you can
match against this simple regex:
^[A-Za-z0-9+/]{42}[A|E|I|M|Q|U|Y|c|g|k|o|s|w|4|8|0]=$
You can convince yourself that's correct by running this for a while and
seeing that it never fails:
while true; do [[ $(head -c 32 /dev/urandom | base64) =~ ^[A-Za-z0-9+/]{42}[A|E|I|M|Q|U|Y|c|g|k|o|s|w|4|8|0]=$ ]] || echo "FAILURE"; done
The endings are valid because those are the only ones that don't end in
01, 10, or 11, so that the string doesn't exceed 256 bits. And again we
can have bash bruteforce those for us:
for i in {A..Z} {a..z} {0..9} + /; do a="AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA$i="; [[ $(echo $a|base64 -d|base64) == $a ]] && echo -n $i; done; echo
AEIMQUYcgkosw048
next prev parent reply other threads:[~2020-12-24 23:31 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-12-24 16:00 Nico Schottelius
2020-12-24 23:30 ` Jason A. Donenfeld [this message]
2020-12-24 23:42 ` Adam Stiles
2020-12-25 9:10 ` Nico Schottelius
2020-12-25 23:37 ` Matthias May
2020-12-25 23:47 ` Jason A. Donenfeld
2020-12-25 22:16 ` Matthias Urlichs
2020-12-26 8:09 ` Nico Schottelius
2020-12-26 9:03 ` Matthias Urlichs
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=X+UkseUOEY1sVDEe@zx2c4.com \
--to=jason@zx2c4.com \
--cc=nico.schottelius@ungleich.ch \
--cc=wireguard@lists.zx2c4.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).