Skip to content

Files

Latest commit

 

History

History
86 lines (60 loc) · 3.39 KB

wireguard-keys-initialization.md

File metadata and controls

86 lines (60 loc) · 3.39 KB

Wiregrade Keys initialization

Wireguard keys are now automatically generate by archipel CLI. You do not need anymore to generate them manually. They are all generate with archipel CLI. The following doc explaining how to generate them and how Wireguard keys works is on educational purpose only for curious developers.

The Archipel chain and services use a secure VPN Wireguard.

Subkey Tool

This shortcut can be used to generate and display public/private key pairs to use for the server or clients

docker run -it --rm cmulk/wireguard-docker:buster genkeys

Create a specific folder and generate key on a secure device with all securities regarding privates keys generation in crypto in general (internet cut-off etc ...).

Wireguard Archipel keys

The minimal nodes of an archipel is 3. You need to generate keys for this 3 nodes.

You can generate those keys step-by-step to understand better and repeat 3 times for the 3 nodes. There is also a full steps command line to generate quickly when you master it like a ninja.

Wireguard Archipel Step by step keys creation

docker run -it --rm cmulk/wireguard-docker:buster genkeys > archipel-node1-wg.keys 

repeat the same commands above for node 2 and node 3. Or use this shortcut loop :

Archipel Full steps keys creation

for i in `seq 1 3`; do echo "create wireguard keys archipel-node$i-wg" && docker run -it --rm cmulk/wireguard-docker:buster genkeys > archipel-node$i-wg.keys ; done

Archipel keys creation expected result

In your foder you must have now 3 files :

archipel-node1-wg.keys 
archipel-node2-wg.keys
archipel-node3-wg.keys

Matching archipel wireguard files keys with Archpel env variables

Private Key: 2APJn3Sj9bTG5NHWquj/L/bzLOjr0lcEyUZ/MRp/YlY=

  • WIREGUARD_PRIVATE_KEY=Private Key find into your archipel-node1|2|3-wg.keys file.

  • WIREGUARD_PEERS_PUB_ADDR='Public Key of archipel-node1-wg.keys','Public Key of archipel-node2-wg.keys ','Public Key of archipel-node3-wg.keys '

WIREGUARD_PEERS_PUB_ADDR are the same values for your 3 archipel nodes.

Lazy ? Here a utils commands to generate WIREGUARD_PEERS_PUB_ADDR value from files :

  • ARCHIPEL_KEY_SEED select line according to node number you whant to valorize
export WIREGUARD_PRIVATE_KEY=$(cat archipel-node1-wg.keys| grep Private| cut -d":" -f2| sed -e 's/^[[:space:]]*//')

or

export WIREGUARD_PRIVATE_KEY=$(cat archipel-node2-wg.keys| grep Private| cut -d":" -f2| sed -e 's/^[[:space:]]*//')

or

export WIREGUARD_PRIVATE_KEY=$(cat archipel-node3-wg.keys| grep Private| cut -d":" -f2| sed -e 's/^[[:space:]]*//')
  • WIREGUARD_PEERS_PUB_ADDR
export WIREGUARD_PUBLIC_KEY_1=$(cat archipel-node1-wg.keys | grep Public | cut -d":" -f2 | sed -e 's/^[[:space:]]*//')
export WIREGUARD_PUBLIC_KEY_2=$(cat archipel-node2-wg.keys | grep Public | cut -d":" -f2 | sed -e 's/^[[:space:]]*//')
export WIREGUARD_PUBLIC_KEY_3=$(cat archipel-node3-wg.keys | grep Public | cut -d":" -f2 | sed -e 's/^[[:space:]]*//')
echo $WIREGUARD_PUBLIC_KEY_1
echo $WIREGUARD_PUBLIC_KEY_2
echo $WIREGUARD_PUBLIC_KEY_3

To create WIREGUARD_PEERS_PUB_ADDR, manually concat WIREGUARD_PUBLIC_KEY_1, WIREGUARD_PUBLIC_KEY_3 and WIREGUARD_PUBLIC_KEY_3 separated by ,