Nope, can't. Storing a Wireguard key on a Smartcard isn't possible, because current cards do not support the key format and algorithms Wireguard uses. Only RSA and ECDSA on NIST curves are available on Smartcards. And "reading" the key from the card would make the card useless, the important feature of a smartcard is that it doesn't ever make the key available for reading. Instead, the key is used for signing or decrypting _on the card_ only. If you can really read a key off of a smartcard, sue the manufacturer and never use the key or card again.
Wireguard uses perfect forward secrecy, so wouldn't signing the ephemeral session once with the hardware key do the job? Or do they need some more advanced operations that the devices don't expose?
No, you just need a signature. But an Ed25519 signature, which current commercially available smartcards just cannot do.
You could be hacking something together with a Nitrokey or maybe Yubikey, those can do Ed25519 signatures. But generally, you would need to fiddle a lot with the implementation, because currently signatures are done in the kernel module, and you'd need to get that into the USB-device for signing and back again. Not impossible, but not implemented yet.
Another way would (theoretically) be to implement different signature algorithms for the wireguard key exchange, ideally some that common smartcards do support. But wireguard's author left out cryptographic agility on purpose, so any work in that direction will be incompatible with the original implementation, or at least a very ugly kludge.
WireGuard does not use Ed25519. Indeed, it does not use any public-key signature algorithms at all. The long-lived static key (the peer's public key, their identity) is a Curve25519 ECDH key.
Of course, there are smartcards that could do this, you're just not allowed to have them. Plenty of smartcards nowadays are just flash and an ARM core which theoretically could be programmed arbitrarily. These tend to be used for credit cards, etc. Of course they might have acceleration units for specific algorithms like NIST ECDSA but I'd be surprised if Ed25519 couldn't be accommodated.
Unfortunately they're all NDAware, so they may as well not exist. ...But of course I've written about my extensive issues with the smartcard industry before.
You'll have to write some glue code, but if all you need is standard Ed25519 signatures, current-gen Yubikeys can do this. Somebody's implemented a Python library that does that here: https://github.com/tschudin/sc25519
> Storing a Wireguard key on a Smartcard isn't possible, because current cards do not support the key format and algorithms Wireguard uses. Only RSA and ECDSA on NIST curves are available on Smartcards.
WireGuard seems to use symmetric key crypto for packet encdec. The card would need to sign only the handshake, which occurs "every few minutes"[1] and "is done based on time, and not based on the contents of prior packets"[1].
You only need to sign the packets in the key exchange on the card. The normal payload packets are protected by symmetric algorithms based on the ephemeral symmetric key generated in the key exchange, no need (and no use) to involve the smartcard there.