sendnrw/netbird-docs
2
0
Fork 0
mirror of https://github.com/netbirdio/docs.git synced 2026-04-19 00:46:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
35bd211f4a271d7ac6df8fd9a54c87271a6c6e38
netbird-docs/src/pages/how-to/enable-post-quantum-cryptography.mdx
pascal-fischer 35bd211f4a Add docs for post-quantum security with Rosenpass (#124)
2024-01-09 11:14:55 +01:00

56 lines
3.0 KiB
Plaintext
Raw Blame History

import {Note} from "@/components/mdx";
# Enable post-quantum cryptography
Post-quantum cryptography aims to mitigate risks associated with quantum computing's potential to undermine existing encryption methods.
Current concerns include the possibility of bad actors collecting encrypted network traffic to decrypt it once quantum computers become available.
This 'harvest and decrypt later' strategy threatens the confidentiality of presently secure communications.
[Rosenpass](https://rosenpass.eu), a post-quantum secure protocol, addresses these concerns by offering advanced cryptographic measures to protect VPN connections against such future threads.
## About Rosenpass
[Rosenpass](https://rosenpass.eu) is a post-quantum secure key-exchange protocol that enhances [WireGuard](https://www.wireguard.com/) VPNs against quantum computer attacks.
It employs advanced cryptographic methods [Classic McEliece](https://classic.mceliece.org) and [Kyber](https://pq-crystals.org/kyber/).
The software is [open-source](https://github.com/rosenpass/rosenpass) and designed for easy integration with existing WireGuard installations.
It ensures future-proof security against quantum threats by continuously generating and rotating WireGuard pre-shared keys every two minutes.
Rosenpass can also be used as a generic key-exchange mechanism for other protocols.
Starting [v0.25.4](https://github.com/netbirdio/netbird/releases), the NetBird agent runs an embedded Rosenpass server
that automatically rotates and applies WireGuard pre-shared keys to every point-to-point connection.
<Note>
NetBird uses a [Golang implementation](https://github.com/cunicu/go-rosenpass) of the Rosenpass protocol by the [cunīcu](https://cunicu.li) project.
</Note>
## Enable Rosenpass in NetBird
<Note>
This is still an experimental feature, may contain bugs, and is not supported on mobile devices.
</Note>
Rosenpass can be enabled by setting a flag on client start-up.
```bash
netbird up --enable-rosenpass
```
Rosenpass respects a provided pre-shared key and uses it for its initial key generation. It is possible to define a manually generated pre-shared key.
```bash
netbird up --enable-rosenpass --preshared-key <preshared-key>
```
This configuration is persistent and preserved by the agent during restarts.
<Note>
If the Rosenpass feature is enabled on a peer it will only be able to communicate with other peers that have Rosenpass enabled.
</Note>
## Disable Rosenpass
To disable Rosenpass again use the following command.
```bash
netbird down
netbird up --enable-rosenpass=false
```
## Get started
<p float="center" >
<Button name="button" className="button-5" onClick={() => window.open("https://netbird.io/pricing")}>Use NetBird</Button>
</p>
- Make sure to [star us on GitHub](https://github.com/netbirdio/netbird)
- Follow us [on Twitter](https://twitter.com/netbird)
- Join our [Slack Channel](https://join.slack.com/t/netbirdio/shared_invite/zt-vrahf41g-ik1v7fV8du6t0RwxSrJ96A)
- NetBird [latest release](https://github.com/netbirdio/netbird/releases) on GitHub
Reference in New Issue View Git Blame Copy Permalink