GPG encrypted WLAN

Registered by Crispin Kirchner on 2007-05-12

Why not use GPG for WLAN encryption? This may be possible with routers running under Linux and having enough CPU power.

The idea: The router knows which WLAN user owns which GPG key. Data packets travelling through the wireless LAN are encrypted by the router with the public GPG key of the user to whom the packet should go.

When a new user joins the WLAN, an administrator tells the router the key number and MAC address of the new user. The router downloads the key from a keyserver and identifies the new user by his MAC address. It now encrypts the data packets for the new user with his GPG key. Only the person owning the key will be able to decrypt the packets. The new user is ready to go in a few minutes and the WLAN security is dramatically increased because every user has his own key.

To secure the administration area to add new users, the administration control panel may be available only via an ethernet cable to the router and secured by a password, or the administrator once tells the router over the ethernet cable who he is (MAC address and GPG key) and then is able to add or delete users via WLAN.

The faking of MAC addresses is not effective anymore because the intruder has to own the secret key and know the password for it.

Someone who knows more than me, please think of it; it's only an idea and I don't know if it's possible to put into reality.

I really think something of this sort would be rather far-fetched. Sure it's a good idea and everything, but something of this sort would require implementation not only in the wireless clients, but also the wireless access points as well. What this means is that you would have to obtain a GPG-enabled router (if one exists), or a GPG-enabled firmware for a router (which would be third-party and hence void your warranty should you use it). - hyperair


