OK I'm trying to set up Mullvad and apparently there is no way to import your public key, only to paste your PRIVATE key into a website and have them derive the public key from that with js?? WTF.
Does anyone have a workaround for this?
Like, unless they're serving backdoored js, it's not a security problem per se, but it's utterly bad security hygiene to paste a private key *anywhere*.
I understand they're trying to make it newb-friendly by generating a config file for you containing your private key.
But that is NOT HOW CRYPTOGRAPHY WORKS.
🤦 🤦 🤦 🤦 🤦 🤦 🤦 🤦 🤦 🤦
The obvious fix is a patch to their javascript to remove the scalarmult that's applied to the key you enter in the textbox so it uses it directly as a public key rather than treating it as a private key and trying to derive a public key from it.
(Then of course you have to edit the config file it generates for you to remove where it put your public key in a place that was supposed to hold a private key, but that's a step you're supposed to need to do anyway, except for the "removing something that wasn't supposed to be prefilled for you to begin with" step.)
But I'm bad at browser hacking/js stuff.
@mhoye The public key is a deterministic function of the private one. That's how pubkey cryptography always inherently works.
The problem is that their js is asking for your private key and doing the derivation itself, rather than asking for your public key, because they want to paste your private key into the wg config file they auto-generate for you.
Rather than just letting you add a pubkey and write the config file yourself with the private key only you know.
@dalias Um... maybe I don't understand the tech but my understanding is that you should absolutely not be able to derive one part of a public/private keypair from the other. That statement does not align with my understanding of how anything works.
@mhoye For Curve25519, the public key is literally 9 times the private key*.
* For a particular sense of "9" and "times". 😁
@dalias I've got some reading to do, I guess.
@mhoye For RSA it's also the case. The public key is the product of the two secret primes.
@dalias Ah, I was thinking in terms of RSA.
@mhoye Public key cryptography is such an epic mathematical flex. It's saying "here, I did some utterly trivial math, and I'm confident af you can't reverse it".
@benjistokman @mhoye Indeed wg is intended to use separate keypairs per connection. But it's still unsafe to be pasting private keys or letting some js in the browser generate your key.
@mhoye @dalias the web UI should be fixed to allow for people to only provide their public key, and then put a PASTE_PRIVKEY_HERE in the autogenerated config. This is very technically feasible.
Casandrich, you should consider using a separate keypair while connecting to Mullvad. They give you a specific 10. IP address anyway; there likely isn't a reason to need a specific keypair for that connection.
@benjistokman @mhoye I don't even think they should have the "paste a private key" option they have now. The choices should be:
1. "Generate a private key. This is trusting our javascript running in your browser to do so securely and not to send it to us or any other party."
2. "Generate your own private key and paste the public key here. The configuration file generated will be incomplete since you have not shared your private key. You will need to edit it to insert your private key into the provided place."
@benjistokman @mhoye I wasn't clear whether you were saying there should be a third option, or whether the second option should be replaced.