Socket interface to Curve25519 ECDH from an OpenPGP card, using the SSH agent protocol. It's intended to be used with the OpenPGP Card WireGuard Go client, allowing a WireGuard private key to be stored on an OpenPGP card.
See the OpenPGP Card WireGuard Guide for a complete walkthrough of installation and usage of both agent and client.
Requires Python 3.8 or newer, and the pcsc-lite daemon.
Install prerequisites on Debian with the following packages:
apt install gcc libpcsclite-dev make pcscd python3-dev python3-venv swig
Or on Fedora:
dnf install findutils gcc make pcsc-lite pcsc-lite-devel python3-devel swig
Create a virtualenv with pyenv:
pyenv virtualenv 3.8.16 openpgpcard-x25519-agent
Activate the virtualenv:
pyenv local openpgpcard-x25519-agent
Install tox:
pip install tox
Install pre-commit and pre-push hooks:
tox exec -e lint -- pre-commit install
List all tox tasks you can run:
Run unit tests in watch mode:
tox -e watch
Run the lint environment:
tox -e lint
Run agent listening at
sudo mkdir -p /var/run/wireguard && sudo chown $USER /var/run/wireguard
tox -e agent -- -l -vv
Or run agent listening on test socket:
tox -e agent -- -l -s test.socket -vv
Prompt to cache PIN on agent:
tox -e client -- -p -t -vv
Clear PIN from agent listening on test socket:
tox -e client -- -c -s test.socket -vv
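The agent socket carries SSH agent protocol frames. The sketch below is an added example, not code from this project: it shows that framing and a length-bounded reader, run against an in-process stub over a socketpair. The extension name, the 32-byte payload and the MAX_FRAME cap are assumptions made for illustration; the message types this agent actually uses are not described here.

```python
import socket
import struct

SSH_AGENT_FAILURE = 5       # generic failure reply (SSH agent protocol)
SSH_AGENTC_EXTENSION = 27   # extension request (SSH agent protocol)
MAX_FRAME = 256 * 1024      # assumed cap: refuse larger frames before reading them

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def encode_frame(msg_type: int, body: bytes = b"") -> bytes:
    """Agent frame: uint32 length of (type byte + body), type byte, body."""
    return struct.pack(">IB", 1 + len(body), msg_type) + body

def recv_exact(sock: socket.socket, n: int) -> bytes:
    """Read exactly n bytes or fail; a short read is never treated as a frame."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed mid-frame")
        buf += chunk
    return buf

def read_frame(sock: socket.socket):
    """Return (type, body), rejecting empty or oversized length prefixes."""
    (length,) = struct.unpack(">I", recv_exact(sock, 4))
    if not 1 <= length <= MAX_FRAME:
        raise ValueError(f"bad frame length {length}")
    data = recv_exact(sock, length)
    return data[0], data[1:]

def demo():
    client, server = socket.socketpair()
    with client, server:
        # Hypothetical extension name and a constructed all-zero 32-byte payload.
        ext = ssh_string(b"ecdh-demo@example.invalid") + ssh_string(bytes(32))
        client.sendall(encode_frame(SSH_AGENTC_EXTENSION, ext))
        req_type, req_body = read_frame(server)
        # Stub agent: it does not implement the extension, so it replies FAILURE.
        server.sendall(encode_frame(SSH_AGENT_FAILURE))
        reply_type, reply_body = read_frame(client)
    return req_type, len(req_body), reply_type, reply_body

if __name__ == "__main__":
    print(demo())
```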
Copyright (c) 2023 Arcem Tene, Inc.
This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.
You should have received a copy of the GNU General Public License along with this program. If not, see https://www.gnu.org/licenses/.