DGNum/hostapd
6
0
Fork 0
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

Example configuration for EAP-TLS authentication using PKCS#11 TPM token

Browse source
This commit is contained in:
Jouni Malinen 2008-05-23 19:41:05 +03:00
parent 61ee0f71bb
commit d9521c7438
2 changed files with 48 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

41
wpa_supplicant/examples/openCryptoki.conf Normal file
View file

@ -0,0 +1,41 @@
# EAP-TLS using private key and certificates via OpenSSL PKCS#11 engine and
# openCryptoki (e.g., with TPM token)
# This example uses following PKCS#11 objects:
# $ pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so -O -l
# Please enter User PIN:
# Private Key Object; RSA
# label: rsakey
# ID: 04
# Usage: decrypt, sign, unwrap
# Certificate Object, type = X.509 cert
# label: ca
# ID: 01
# Certificate Object, type = X.509 cert
# label: cert
# ID: 04
# Configure OpenSSL to load the PKCS#11 engine and openCryptoki module
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
pkcs11_module_path=/usr/lib/opencryptoki/libopencryptoki.so
network={
ssid="test network"
key_mgmt=WPA-EAP
eap=TLS
identity="User"
# use OpenSSL PKCS#11 engine for this network
engine=1
engine_id="pkcs11"
# select the private key and certificates based on ID (see pkcs11-tool
# output above)
key_id="4"
cert_id="4"
ca_cert_id="1"
# set the PIN code; leave this out to configure the PIN to be requested
# interactively when needed (e.g., via wpa_gui or wpa_cli)
pin="123456"
}

8
www/wpa_supplicant/index.html
View file

@ -303,6 +303,12 @@ fields. In addition, simpler example configurations are available for
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/ieee8021x.conf">IEEE 802.1X with dynamic WEP (EAP-PEAP/MSCHAPv2)</a>, <a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/ieee8021x.conf">IEEE 802.1X with dynamic WEP (EAP-PEAP/MSCHAPv2)</a>,
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/wpa-psk-tkip.conf">WPA-PSK/TKIP</a>, and <a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/wpa-psk-tkip.conf">WPA-PSK/TKIP</a>, and
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/wpa2-eap-ccmp.conf">WPA2-EAP/CCMP (EAP-TLS)</a>. <a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/wpa2-eap-ccmp.conf">WPA2-EAP/CCMP (EAP-TLS)</a>.
In addition, wpa_supplicant can use OpenSSL engine to avoid need for
exposing private keys in the file system. This can be used for EAP-TLS
authentication with smartcards and TPM tokens.
<a href="/gitweb/gitweb.cgi?p=hostap.git;a=blob_plain;f=wpa_supplicant/examples/openCryptoki.conf">Example configuration for using openCryptoki</a>
shows an example network block and related parameters for EAP-TLS
authentication using PKCS#11 TPM token.
</p> </p>
<h3>Feedback, comments, mailing list</h3> <h3>Feedback, comments, mailing list</h3>
@ -350,7 +356,7 @@ Internet Systems Consortium (ISC).
<address><a href="mailto:j@w1.fi">Jouni Malinen</a></address> <address><a href="mailto:j@w1.fi">Jouni Malinen</a></address>
<!-- Created: Sat May 22 21:41:58 PDT 2004 --> <!-- Created: Sat May 22 21:41:58 PDT 2004 -->
<!-- hhmts start --> <!-- hhmts start -->
Last modified: Sat Feb 23 15:47:15 PST 2008 Last modified: Fri May 23 19:39:40 EEST 2008
<!-- hhmts end --> <!-- hhmts end -->
</div> </div>
</body> </body>