WIRESEP-KEYGEN(1) | General Commands Manual | WIRESEP-KEYGEN(1)

wiresep-keygen - key generator for WireSep

wiresep-keygen [-o dir] tunN
wiresep-keygen [-o dir] -s global
wiresep-keygen [-o dir] -s tunN [peer ...]

wiresep-keygen generates the two types of keys used by wiresep(8): private keys and pre-shared keys. Each tunnel interface should have exactly one private key generated for it. Pre-shared keys can be used in different scopes, namely global, per interface or per peer. The use of pre-shared keys is optional in WireGuard, but when used they add an additional layer of security that is quantum-proof.

In the first synopsis wiresep-keygen generates a private key. By default the key is stored in /etc/wireguard unless overridden with -o. The name of the file is tunN.privkey where tunN is the name of an interface, e.g. tun0.

In the second synopsis a global pre-shared key is generated that can be used on all configured interfaces with all peers that have no more specific overrides. By default the key is stored in /etc/wireguard/global.psk unless -o is used with a different dir.

In the third synopsis a pre-shared key is generated that is used for the specific tunN only, or with the specified peer on tunN only. By default the key for an interface is stored in /etc/wireguard/tunN.psk unless -o is used with a different dir. If any peer is specified then the key is stored in /etc/wireguard/tunN.peer.psk and overrides any interface specific or global pre-shared keys.
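
The override order described above (per peer, then per interface, then global), as an added shell example that is not part of WireSep: it resolves the most specific pre-shared key file for a tunnel and peer, and lists key files that group or other can access. The function names are hypothetical, the permission check is an addition, and reading precedence from which files exist in the key directory is an assumption based only on the file names given on this page.

```shell
#!/bin/sh
# Added example; function names are hypothetical and not part of WireSep.
# Assumption: key files use the names from this page (tunN.peer.psk,
# tunN.psk, global.psk) inside one key directory.

# psk_for DIR TUN [PEER]
# Print the most specific pre-shared key file that exists, in the order
# peer > interface > global. Returns 1 if no pre-shared key file is found.
psk_for() {
	dir=$1 tun=$2 peer=${3:-}
	if [ -n "$peer" ]; then
		set -- "$dir/$tun.$peer.psk"
	else
		set --
	fi
	set -- "$@" "$dir/$tun.psk" "$dir/global.psk"
	for f in "$@"; do
		if [ -f "$f" ]; then
			printf '%s\n' "$f"
			return 0
		fi
	done
	return 1
}

# key_mode_ok FILE
# Succeed only if neither group nor other has any permission bit set.
# Characters 5-10 of the ls -l mode string are the group and other bits.
key_mode_ok() {
	[ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# audit_keys DIR
# List every *.privkey and *.psk in DIR that group or other can access.
# Returns 1 if at least one such file exists.
audit_keys() {
	rc=0
	for f in "$1"/*.privkey "$1"/*.psk; do
		[ -f "$f" ] || continue   # an unmatched glob stays literal
		if ! key_mode_ok "$f"; then
			printf 'loose permissions: %s\n' "$f"
			rc=1
		fi
	done
	return "$rc"
}
```

After sourcing the file, psk_for takes the key directory, the tunnel name and an optional peer name; audit_keys takes the key directory.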

The wiresep-keygen utility exits 0 on success, and >0 if an error occurs.
Tim Kuijsten
March 30, 2020 | OpenBSD 6.6