authorJouni Malinen <j@w1.fi>2008-05-23 16:41:05 (GMT)
committerJouni Malinen <j@w1.fi>2008-05-23 16:41:05 (GMT)
commitd9521c74385a08b0d4c21619dc816b5c362363d9 (patch)
tree6c090997bbffbf019e40cc02447193d002e5b467 /wpa_supplicant/examples
parent61ee0f71bb234bd5f4c8f1229462e72883cee787 (diff)
Example configuration for EAP-TLS authentication using PKCS#11 TPM token
Diffstat (limited to 'wpa_supplicant/examples')
-rw-r--r--wpa_supplicant/examples/openCryptoki.conf41
1 files changed, 41 insertions, 0 deletions
diff --git a/wpa_supplicant/examples/openCryptoki.conf b/wpa_supplicant/examples/openCryptoki.conf
new file mode 100644
index 0000000..e2301a6
--- /dev/null
+++ b/wpa_supplicant/examples/openCryptoki.conf
@@ -0,0 +1,41 @@
+# EAP-TLS using private key and certificates via OpenSSL PKCS#11 engine and
+# openCryptoki (e.g., with TPM token)
+
+# This example uses following PKCS#11 objects:
+# $ pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so -O -l
+# Please enter User PIN:
+# Private Key Object; RSA
+# label: rsakey
+# ID: 04
+# Usage: decrypt, sign, unwrap
+# Certificate Object, type = X.509 cert
+# label: ca
+# ID: 01
+# Certificate Object, type = X.509 cert
+# label: cert
+# ID: 04
+
+# Configure OpenSSL to load the PKCS#11 engine and openCryptoki module
+pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
+pkcs11_module_path=/usr/lib/opencryptoki/libopencryptoki.so
+
+network={
+ ssid="test network"
+ key_mgmt=WPA-EAP
+ eap=TLS
+ identity="User"
+
+ # use OpenSSL PKCS#11 engine for this network
+ engine=1
+ engine_id="pkcs11"
+
+ # select the private key and certificates based on ID (see pkcs11-tool
+ # output above)
+ key_id="4"
+ cert_id="4"
+ ca_cert_id="1"
+
+ # set the PIN code; leave this out to configure the PIN to be requested
+ # interactively when needed (e.g., via wpa_gui or wpa_cli)
+ pin="123456"
+}
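Review bot: The example ships an active `pin="123456"` line, so anyone copying it will store the token User PIN in cleartext in the configuration file. That lets any process able to read the file use the TPM-backed key through the PKCS#11 module, which removes much of the benefit of keeping the key in the token. I would comment the line out by default (`# pin="123456"`) and extend the comment above it with something like `# NOTE: the PIN is stored in cleartext here; keep this file readable by root only, or omit pin= and enter it via wpa_cli/wpa_gui`. Separately, the network block only pins the CA through `ca_cert_id`; if that CA issues certificates for anything other than the authentication server, a `subject_match` or `altsubject_match` line would be worth showing so the example also constrains which server certificate is accepted.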