Lib.rs

Parser implementations
#key #wireguard #private-key #public-key #x25519 #generate #parse

wireguard-keys

Generate, parse and export WireGuard (x25519) keys

Owned by Patrick Elsen.

2 releases

0.1.1 Jun 6, 2022
0.1.0 Mar 31, 2022

#1678 in Parser implementations

Download history 84/week @ 2023-12-18 80/week @ 2023-12-25 71/week @ 2024-01-01 123/week @ 2024-01-08 74/week @ 2024-01-15 27/week @ 2024-01-22 84/week @ 2024-01-29 102/week @ 2024-02-05 7/week @ 2024-02-12 128/week @ 2024-02-19 55/week @ 2024-02-26 78/week @ 2024-03-04 112/week @ 2024-03-11 87/week @ 2024-03-18 145/week @ 2024-03-25 90/week @ 2024-04-01

442 downloads per month
Used in 2 crates

AGPL-3.0-only

21KB
436 lines

WireGuard Keys

This is a utility crate containing data structures relating to WireGuard. There are no builds for it, but the RustDoc documentation is published on every commit.

Resources:

To build this, you want to run make setup-git because it will use your SSH keys instead of asking for git credentials (and possibly requiring 2-factor authentication).

Features

By default, this crate only provides types for WireGuard keys (Pubkey, Privkey, Secret). These optional features can be enabled:

  • serde: serialization and deserialization capabilities (enabled by default).
  • hex: convert to and from hex (enabled by default).
  • base64: convert to and from base64 (enabled by default).
  • base32: convert to and from base32.
  • rocket: ability to parse WireGuard keys from HTTP requests in Rocket.
  • schema: ability to generate JSON schemas from the types.

lib.rs:

This crate allows for working with WireGuard keys. WireGuard uses asymmetric x25519 keys, which are represented by the [Privkey] and [Pubkey] types respectively. Private keys can be generated randomly, and their corresponding public key can be derived. Additionally, WireGuard allows using a preshared key as additional security layer, which is just a random 256-bit value. This is represented by the [Secret] type.

For security reasons, this crate uses the [Zeroize] trait to mark all types containing cryyptographically relevant information to be cleared on drop. The [x25519_dalek_fiat] crate is used for x25519 operations.

This crate allows for encoding keys in various ways. The crate supports base64, which is typically used by WireGuard, but hex and base32 can be enabled as well. Enabling encodings also enables parsing from that encoding.

The [serde] feature, which is enabled by default, adds serialize and deserialize support for WireGuard types. How these types are serialized depends on the format: when serializing into human-readable formats, such as JSON, the keys are serialized as base64-encoded strings. However, when serializing to binary formats such as Bincode, keys are serialized as raw bytes.

The optional schema feature adds information to the types allowing to generate JSON schema from them automatically using schemars.

Enabling the rocket feature adds the ability to parse any WireGuard types from a HTTP request using the FromParam trait.

Dependencies

~2–38MB
~562K SLoC