Boom, public key to private key the easy way. Now if the key was 2 bytes long or something, then it would be trivial to just output all the possibilities in a table and do a lookup. The tool in question is doing that, but showing only keys with x string within the first y characters of the public key. If one person runs it a million times today, each key is equally safe to use. If a million people each run wg genkey today, each key is equally safe to use. So it's like running "wg genkey" repeatedly. It's using the same underlying engine to generate valid keys. And it's not just generating key-like-strings. It's not enumerating all keys in some sequential method. But the key generation procedure uses a different random input each time it is invoked by the loop. But I gave you the benefit of the doubt that you were speaking programmatically - the tool does loop. It's your example! You said "if you looped through every pair until." which made me suspect that you were not thinking about it in the right way. So we can exchange info safely and generate a temporary shared key that we use to encrypt our connection. To do that you would need my private key. You can't use my public key to impersonate my wg host. If we're each wg peers, then we have each other's public keys. And it's why understanding Diffie-Hellman is important to this discussion.
That's why the use of the public and private keys is not at all like passwords and password hashes. That doesn't enable them to decrypt a message. That's why you can share your public key for something like PGP to the world, so that people can encrypt messages to you. It is not essential that it be kept secret. That's the whole underpinning of this sort of asymmetric cryptography. That's a really important point and one you seem to be missing, so here it is again: You can't use the public key to obtain the private key. A one way function is used to generate the public key. What's more, the public key is derived from the private key, but you can't obtain the private key from the public key. That's why the public key is not at all like a password as you seem to think it is. The private key is what you must have to unlock it. In the simplest of terms, the public key can only lock the box. But if you're really not joking, then I would recommend that you ponder on the meaning of the word "public" in the term public key, and then read this, this, and this closely. Ok, at this point I'm really not sure if you're pulling my leg or just really don't understand the basic underpinnings of asymmetric cryptography. Peer: xcvioxuyweruitjbngia8gyjksdfjkljkasdhfjklhÄŻor example, maybe something like this, where I've taken out the public key after peer and instead put in a name of the device. Peer: werulihasdjklfhasdjlfhasdjlkfhasdfasdfsd Peer: aserouasfljksdhfjklsdhfjklasdhfjklasdhjlkfsdjkl Transfer: 41.83 KiB received, 174.65 KiB sent Latest handshake: 3 minutes, 15 seconds ago Peer: asio awevjkfnasdjklfhhasduilfhlasdhfl Public key: asd fihasdjklfah sdfhasdjklfhasdjlkfh Is there a way to replace the public key as a label for each peer with a name instead? $ sudo wg show wg0 I know that I can display the output below, but when you have multiple peers, it's hard to keep track of which is which when the identifier is the public key.