I was wondering if I could use Wireguard's keys to sign messages, and prove authenticity of a node that runs Wireguard with its known public key from other nodes, so that I can use it in a system to prove something originated from a certain node and wasn't injected in some other way.
I came across Encrypt text message with Wireguard public key but I didn't really want to encrypt anything, just prove authenticity based on the known public key that other nodes will have.
Background: I'm trying to build a federating VPN manager that should allow for building large groups of large virtual networks for use with a container/VM manager, and I'm trying to find an easy way to create node (message) authentication, preferably without building my own complete public/private key infrastructure from scratch; if I would be able to reuse Wireguard's generated keys that would simplify a lot of aspects of my system. But I don't know if this is possible to do in a safe way, or if it's possible at all to begin with.
Edit: I just found that I can load Wireguard's Curve25519 key as Ed25519 key with Python's Cryptography libraries, and use that to sign messages ... Whether that's a good idea, I'm very curious to hear others confirm or deny. Here's the Python I used to test it:
import base64
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
example WireGuard private key I just generated and won't reuse
wireguard_private_key_base64 = '0NyWpZKre0PLTnE0qz/07B5rhZvsQJIm6MS3CxuEHVA='
Decode the Base64-encoded WireGuard private key
wireguard_private_key_bytes = base64.urlsafe_b64decode(wireguard_private_key_base64 + '==')
'convert' to Ed25519 private key
try:
ed25519_private_key = Ed25519PrivateKey.from_private_bytes(wireguard_private_key_bytes)
message = b"Example message to sign"
# sign message
signature = ed25519_private_key.sign(message)
# printing the signature in base64 so it's more portable/readable
print("Signature (Base64):", base64.b64encode(signature).decode())
except ValueError as e:
print("Error:", e)
Edit2: I just realized I can't just use the wireguard public key to verify the messages in that case, because Ed25519 derives keys slightly differently (it hashes them first). Someone suggested I could try run a modified Ed25519 without the hashing... but also there not sure if that's a good security practice, and maybe it's also just lower effort if I just derive the Ed25519 public key from the private key right away and send it to the server to store it, or use other pub/private keys to begin with.. unless someone knows a way to make it work.
