Smartcards and wpa_supplicant

Gordon Hecker g.hecker
Tue Oct 12 06:11:05 PDT 2004


I'm working on a patch to support smartcards in wpa_supplicant.
The smartcards are integrated via Openssl engines.
The engines currently supported are the opensc and pkcs11
engines from the opensc project.

Currently the patch implements the following:

There are some new configuration options shown below.



An example configuration file called smartcard.conf is included in
the patch. It includes settings for both engines.

All the engines configured in the global section are loaded when
wpa_supplicant is started.
To use an engine it must additionally be chosen (engine_id="...") and
enabled (engine=1) in the network section. And the key id on the
smartcard must be configured similar to specifying a file for the
private key.

If an engine is used the smartcard requires a pin code. That pin code is
asked for via the control interface. So running wpa_cli is currently
neccessary to provide the smartcard pin.
The command I added to wpa_cli is "scpin <network id> <pin>". It's
similar to the existing password and identity commands.

I tested the patch only with EAP-TLS in combination with wpa2 or dynamic
wep keying.

The patch seems to be too big for the list, so I placed it in

I'm looking forward to your commments and feedback!


More information about the Hostap mailing list