this post was submitted on 27 Nov 2024
18 points (100.0% liked)

I'm trying to automate the creation of Wireguard profiles to connect to various Proton VPN servers. As far as I can tell, when you generate one online through account.proton.me:

  • The client generates a private key in-browser.
  • Client POSTs the corresponding public key, along with the chosen server and some other parameters, to /api/vpn/v1/certificate.
  • Server registers the given public key and returns the parameters that should be used to construct the config file.
  • Client combines returned parameters with the private key to create the final config file.

I am attempting to replicate this process with a key generated using wg:

wg genkey | tee privkey.key | wg pubkey > pubkey.key

However, when sending this pubkey to the server (leaving everything else exactly as captured from a working in-browser request), it responds with:

{
  "Code": 2001,
  "Error": "Unable to read the key, please provide a valid EC key",
  "Details": {}
}

Replacing my custom pubkey with a pre-existing pubkey from a config generated through the Web UI instead returns "ClientPublicKey fingerprint conflict, please regenerate a new key", so I don't think I'm messing up the request format.

My questions are:

  • Is there a better/more official way to do this? I couldn't find anything searching.
  • Why does this not work? Surely wg creates valid EC keys? Does Proton have some additional constraints on valid keys for some reason?

I don't have much (or really any) experience with WireGuard, so perhaps I'm missing something obvious? Any help would be appreciated.
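
A way to check what encoding a public key string is actually in before submitting it, as an added example that is not part of the original post: `wg pubkey` prints a bare base64 Curve25519 key, while many APIs that ask for an "EC key" parse an ASN.1 SubjectPublicKeyInfo (PEM or DER). Whether this endpoint expects the PEM form, or a different key type altogether, is an assumption the post does not settle; the function names and the sample key are constructed for illustration.

```python
import base64
import binascii

# RFC 8410 SubjectPublicKeyInfo headers that precede a 32-byte public key.
SPKI_PREFIXES = {
    bytes.fromhex("302a300506032b656e032100"): "X25519",
    bytes.fromhex("302a300506032b6570032100"): "Ed25519",
}
PEM_HEAD = "-----BEGIN PUBLIC KEY-----"
PEM_TAIL = "-----END PUBLIC KEY-----"

# Constructed sample: 32 placeholder bytes encoded the way `wg pubkey` prints a key.
SAMPLE_RAW = bytes(range(32))
SAMPLE_WG_PUB = base64.b64encode(SAMPLE_RAW).decode()


def _match_spki(der):
    """Return (algorithm, raw_key) if der is a known 32-byte-key SPKI."""
    for prefix, alg in SPKI_PREFIXES.items():
        if der.startswith(prefix) and len(der) == len(prefix) + 32:
            return alg, der[len(prefix):]
    return "unknown", b""


def classify_public_key(text):
    """Return (encoding, algorithm, raw_key) for a public key string."""
    text = text.strip()
    is_pem = text.startswith(PEM_HEAD)
    if is_pem:
        text = "".join(l.strip() for l in text.splitlines() if not l.startswith("-----"))
    try:
        data = base64.b64decode(text, validate=True)
    except binascii.Error:
        return ("unrecognized", "unknown", b"")
    if not is_pem and len(data) == 32:
        # Bare Curve25519 public key: no ASN.1 header, no algorithm identifier.
        return ("wireguard-raw", "X25519", data)
    alg, raw = _match_spki(data)
    if alg == "unknown" and not is_pem:
        return ("unrecognized", "unknown", b"")
    return ("pem-spki" if is_pem else "der-spki", alg, raw)


def wrap_x25519_as_pem(raw):
    """Wrap a raw 32-byte X25519 public key in an SPKI PEM envelope."""
    if len(raw) != 32:
        raise ValueError("X25519 public keys are exactly 32 bytes")
    der = bytes.fromhex("302a300506032b656e032100") + raw
    return f"{PEM_HEAD}\n{base64.b64encode(der).decode()}\n{PEM_TAIL}\n"
```

Running `classify_public_key` on the contents of `pubkey.key` and on the key field of a captured working request shows whether the two are in the same encoding and of the same algorithm.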
