how to enable the internal client crypto on WPA_supplicant

Achuthan Paramanathan acp at
Mon Dec 7 03:56:28 PST 2015

Hi Jouni,

Thank you for the notification and also the implementation, this is great !


-----Original Message-----
From: Jouni Malinen [mailto:j at] 
Sent: 5. december 2015 19:59
To: Achuthan Paramanathan <acp at>
Cc: Hostap at
Subject: Re: how to enable the internal client crypto on WPA_supplicant

On Fri, Dec 04, 2015 at 09:46:03AM +0000, Achuthan Paramanathan wrote:
> One final question, can you (please) suggest what format the internal crypto support ?
> Then I will see if I can convert it / or generate the suitable private 
> key to this purpose

It needs to be understood that the internal TLS implementation is experimental and its support for various options depend on what has come up as something useful to test with in the past. It supports unencrypted private key in PKCS #1 encoded RSA private key format and PKCS #8 format. For encrypted private key cases, only PKCS #8 in PKCS #5
v1.5 format with pbeWithMD5AndDES-CBC was supported. I added support for the PKCS #8 with the newer PKCS #5 v2.0 format (PBES2 with

That should cover the key format you showed in the log in this thread.
Jouni Malinen                                            PGP id EFC895FA

More information about the Hostap mailing list