Device Lock
Prevent unauthorized VPN peers from joining using Ed25519 cryptographic device verification.
Overview
Device Lock is a cryptographic device verification feature inspired by Tailnet Lock. It signs target WireGuard public keys with the operator's Ed25519 key pair, preventing unauthorized devices from joining the mesh even if an enrollment token is compromised.
Authority (Ed25519 keypair)
└─ Sign(WG public key + host ID) → DeviceSignature
└─ Stored in TrustStore
└─ Verified at SSH connection time
Setup
Generate Authority Key Pair
nefia device-lock init
The private key is stored in the OS keyring (macOS Keychain / Windows Credential Manager / Linux Secret Service). A trust store is created at device_lock.json, and device_lock.mode: "log" is enabled in the configuration file.
Sign a Host
Sign the WireGuard public key of a host that has already joined the VPN.
nefia device-lock sign web-01
Signature message format (binary, length-prefixed):
"nefia-device-lock-v1" || uint32BE(len(wgPubKey)) || wgPubKey || uint32BE(len(hostID)) || hostID || uint32BE(len(ts)) || ts
Each field is preceded by a 4-byte big-endian length prefix to prevent delimiter injection. The timestamp (ts) is formatted as RFC 3339 with nanosecond precision.
Verify All Hosts
nefia device-lock verify
| Host | WG Public Key | Status | Reason |
|---|---|---|---|
| web-01 | abc123... | trusted | — |
| db-01 | def456... | untrusted | No signature |
| staging | — | no_vpn | VPN not configured |
Operating Modes
| Mode | Behavior |
|---|---|
| log | Untrusted devices generate a warning log only; connections are allowed |
| enforce | Untrusted devices are denied connection (ErrDeviceLockDenied) |
Revoking a Device
To revoke trust for a host:
nefia device-lock revoke web-01
The WireGuard public key is added to the revocation list, and subsequent connections are denied.
Checking Status
nefia device-lock status
Displays the authority's public key fingerprint, enabled/mode state, number of trusted devices, and number of revoked devices.
Configuration
device_lock:
enabled: true
mode: log # "log" or "enforce"
Storage Locations
| Data | Location |
|---|---|
| Authority private key | OS keyring (nefia-device-lock) |
| Trust store | <state-dir>/device_lock.json |
MCP Tools
AI agents can check and verify device-lock status programmatically via MCP:
| Tool | Description |
|---|---|
| nefia.device_lock.init | Initialize the device-lock authority. Generates Ed25519 key pair and creates trust store. |
| nefia.device_lock.sign | Cryptographically sign a host's WireGuard public key, marking the device as trusted. |
| nefia.device_lock.revoke | Revoke trust for a host by removing its public key from the trust store. |
| nefia.device_lock.status | Check whether device-lock is enabled and verified for a host. Returns the device key fingerprint and registration timestamp. |
| nefia.device_lock.verify | Perform cryptographic challenge verification against a host's registered Ed25519 key. Read-only and idempotent. |
See the MCP Protocol Reference for full parameter and response schemas.
Integration with Connection Flow
Device Lock is verified by the connmanager before establishing an SSH connection.
- Retrieve the host's WireGuard public key
- Verify the signature using TrustStore.IsDeviceTrusted()
- In enforce mode, deny the connection if the device is untrusted
- In log mode, output a warning and allow the connection to proceed
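The example below is an added illustration, not code from the nefia project. It models two passages of this page in Go: the length-prefixed signature message from the "Sign a Host" section (signed and verified with Ed25519), and the connmanager decision in the connection flow above (trusted, revoked, or untrusted in log versus enforce mode). The names TrustStore, IsDeviceTrusted and ErrDeviceLockDenied come from the page; their exact types, the Decide function, the in-memory map layout, and the use of Go's RFC3339Nano format (which trims trailing zero nanoseconds) are assumptions made here. The sample keys and host IDs are constructed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// Domain-separation tag from the page's message format.
const domainTag = "nefia-device-lock-v1"

// ErrDeviceLockDenied is named on the page; its concrete type is assumed here.
var ErrDeviceLockDenied = errors.New("device lock: untrusted device denied")

// lenPrefixed appends uint32BE(len(b)) || b, so a field can never be
// confused with its neighbour regardless of its content.
func lenPrefixed(dst, b []byte) []byte {
	var n [4]byte
	binary.BigEndian.PutUint32(n[:], uint32(len(b)))
	return append(append(dst, n[:]...), b...)
}

// SignatureMessage builds:
// tag || len(wgPub) || wgPub || len(hostID) || hostID || len(ts) || ts
func SignatureMessage(wgPub []byte, hostID, ts string) []byte {
	msg := []byte(domainTag)
	msg = lenPrefixed(msg, wgPub)
	msg = lenPrefixed(msg, []byte(hostID))
	return lenPrefixed(msg, []byte(ts))
}

// DeviceSignature is the record the authority produces for one host.
type DeviceSignature struct {
	HostID    string
	WGPub     []byte
	Timestamp string // RFC 3339 with nanoseconds (Go trims trailing zeros)
	Sig       []byte
}

// Sign binds a WireGuard public key to a host ID under the authority key.
func Sign(authority ed25519.PrivateKey, wgPub []byte, hostID string, now time.Time) DeviceSignature {
	ts := now.UTC().Format(time.RFC3339Nano)
	sig := ed25519.Sign(authority, SignatureMessage(wgPub, hostID, ts))
	return DeviceSignature{HostID: hostID, WGPub: wgPub, Timestamp: ts, Sig: sig}
}

// TrustStore holds signatures and the revocation list (in-memory model of device_lock.json).
type TrustStore struct {
	AuthorityPub ed25519.PublicKey
	Signatures   map[string]DeviceSignature // keyed by raw WG public key
	Revoked      map[string]bool
}

func NewTrustStore(pub ed25519.PublicKey) *TrustStore {
	return &TrustStore{AuthorityPub: pub, Signatures: map[string]DeviceSignature{}, Revoked: map[string]bool{}}
}

func (t *TrustStore) Add(ds DeviceSignature) { t.Signatures[string(ds.WGPub)] = ds }
func (t *TrustStore) Revoke(wgPub []byte)    { t.Revoked[string(wgPub)] = true }

// IsDeviceTrusted: revocation wins, then the stored signature must verify
// over exactly the (key, host ID, timestamp) tuple that was signed.
func (t *TrustStore) IsDeviceTrusted(wgPub []byte, hostID string) bool {
	if t.Revoked[string(wgPub)] {
		return false
	}
	ds, ok := t.Signatures[string(wgPub)]
	if !ok || ds.HostID != hostID {
		return false
	}
	return ed25519.Verify(t.AuthorityPub, SignatureMessage(wgPub, hostID, ds.Timestamp), ds.Sig)
}

// Decide models the connmanager check before an SSH connection is established.
// A non-empty warning with a nil error means "allowed, but logged".
func Decide(t *TrustStore, mode string, wgPub []byte, hostID string) (warning string, err error) {
	if t.IsDeviceTrusted(wgPub, hostID) {
		return "", nil
	}
	switch mode {
	case "enforce":
		return "", ErrDeviceLockDenied
	case "log":
		return fmt.Sprintf("device-lock: host %q is untrusted, allowing connection (mode=log)", hostID), nil
	default:
		return "", fmt.Errorf("device-lock: unknown mode %q", mode)
	}
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	wgWeb := make([]byte, 32) // constructed stand-in for a WireGuard public key
	wgWeb[0] = 0x11
	ts := NewTrustStore(pub)
	ts.Add(Sign(priv, wgWeb, "web-01", time.Now()))
	fmt.Println("web-01 trusted:", ts.IsDeviceTrusted(wgWeb, "web-01"))
	_, err := Decide(ts, "enforce", make([]byte, 32), "db-01")
	fmt.Println("db-01 in enforce mode:", err)
}
```

The test below also checks the delimiter-injection property the page describes: splitting the same bytes differently between wgPubKey and hostID yields different messages, so an attacker-controlled host ID cannot be made to collide with another key/ID pair.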