Sending EAP Identity Encrypted

Alan DeKok aland at
Thu Sep 22 09:14:34 PDT 2016

On Sep 22, 2016, at 12:06 PM, alan furlong <alan250985 at> wrote:
> Is it possible to configure wpa_supplicant to send EAP Identity
> encrypted for privacy reasons?
> This makes an assumption that the RADIUS on the other end is able to
> decrypt it. Both EAP Peer and Authentication server could either use
> same shared secret, or client can encrypt using public key of the
> authentication server and server decrypting it using the private key.

  My $0.02 (as a RADIUS guy) is that this is a terrible idea.  Don't do it.

  Instead, use anonymous outer identities (,  and use the real identity in the inner tunnel.

  For further explanation, see my RFC:

  Alan DeKok.

More information about the Hostap mailing list