There is no way to generate your own private key with Wireguard on Mullvad VPN. You must use their key generator which potentially means they have your private key. This is no good, many privacy minded people use this service and it is even recommended by privacytools.io. @jonah perhaps this is of concern to you.
@jonah Wireguard is absolutely excellent, you should look into it.
They can see your traffic with just the public key, but they would have no way to imitate you (or allow others to imitate you) without the private key. It is not a deal breaker as long as it is fixed in the long run, I assume they built the keygen tool this way to make it easy to use, but it is not ideal and is a security vulnerability.
@mister_monster I’m not aware of *any* VPN provider that lets you generate your own private key. I don’t see how this is a security vulnerability anyhow.
@jonah in Wireguard, your peer (which would be the VPN provider) *only* needs your public key to decrypt your packets and verify your identity. None should generate your private key for you or require you to provide it to them. This is asymmetric cryptography 101. Would you met an email service generate your PGP key for you?
@mister_monster yes but that is a different situation, because I don’t want my email provider reading my emails. In this situation, your VPN provider can read your traffic regardless, so it is moot.
@jonah yes but then they can sign messages as you when they are not from you. I trust Mullvad when they say they don't log traffic, but that is *trust*. If they're lying, and they can fake traffic from you, that is potentially very bad. The protocol was designed for each peer to *never* exchange private keys, only public keys. Yet here we have a private key being potentially shared. You don't think it is a security vulnerability that the VPN provider can potentially impersonate you?
@mister_monster I don’t know what you mean. Impersonate you where exactly?
@jonah alright, so you sign packets with your private key, send them to the peer, the peer decrypts them with the public key. If the peer has your private key, they can sign packets from you and "prove" that those packets came from you. If I had your PGP key I could sign messages from you and cryptographically prove that you created those messages. Same concept. Assymetric cryptography is just as much about establishing authenticity as it is protecting information.
@mister_monster
Only way to know how its all done in backend, maybe whole key generation process thing is encrypted using your account number, meaning that Mullvad doesn't even know your public keys, just their hashes, same with private keys
@jonah
@mister_monster @jonah
Okay, that doesn't make sence now that I think about it, they need your public key in clear to make connection. I guess there is some workaround, I don't think they store private keys in plaintext eitherway. They let you create your own private/public key pair on router configs,and they never ask for private key. So I guess in the ens there is some good explanation for this
@nikolal I'm hoping (and thinking it is very likely) that key generation is done client side in the browser, or in the mullvad app, and only the public key is sent to them.
@mister_monster Yeah, me too. I've been using mullvad over year, it would be such waste if they didn't do that properly
@mister_monster honestly I haven’t looked into WireGuard too much because I don’t use it myself. But presumably Mullvad can see all your traffic either way so I’m not sure it matters?