🚧 go-rosenpass has not been audited. Please use with care!
go-rosenpass is a port of Rosenpass to Go.
The implementation aims to be compatible with the reference implementation in Rust for the:
- on-wire protocol
- handshake parameters
- command-line interface
go-rosenpass distributes builds via GitHub Releases. You can download a pre-built binary from there.
go install cunicu.li/go-rosenpass/cmd@latest# Generate our own WireGuard key pair
WG_PRIVATE_KEY=$(wg genkey)
WG_PUBLIC_KEY=$(wg pubkey <<< ${WG_PRIVATE_KEY})
# Generate our own Rosenpass key pair
go-rosenpass gen-keys-intf wg0
# Show our details
echo "Your hostname: $(hostname)"
echo "Your WireGuard public key: ${WG_PUBLIC_KEY}"
# Query the peer details
read -p "Enter your peers hostname: " PEER
read -p "Enter your peers WireGuard public key: " WG_PUBLIC_KEY_PEER
# Exchange Rosenpass public key
scp /etc/wireguard/wg0/pqpk root@${PEER}:/etc/wireguard/wg0/${WG_PUBLIC_KEY//\//}.pqpk
# Generate wg-quick configuration
cat <<EOF >> /etc/wireguard/wg0.conf
[Interface]
PrivateKey = ${WG_PRIVATE_KEY}
ListenPort = 51820
PostUp = go-rosenpass exchange-intf %i & echo $! > /run/go-rosenpass.%i.pid
PreDown = pkill -F /run/go-rosenpass.%i.pid || true
[Peer]
PublicKey = ${WG_PUBLIC_KEY_PEER}
Endpoint = ${PEER}:51820
EOF
# Bring connection up
wg-quick up wg0- https://github.com/rosenpass/rosenpass
- https://rosenpass.eu/
- https://media.ccc.de/v/eh20-4-rosenpass-ein-vpn-zum-schutz-vor-quantencomputern
- Steffen Vogel (@stv0g)
go-rosenpass is licensed under the Apache 2.0 license.
- SPDX-FileCopyrightText: 2023 Steffen Vogel post@steffenvogel.de
- SPDX-License-Identifier: Apache-2.0