Wireless authentication

Viktor Tarasov edited this page Dec 11, 2012 · 1 revision

Wireless networks used to be protected by the WEP standard, but WEP turned out to be insecure and is therefore useless.
These days wireless networks are usually protected using WPA (Wi-Fi Protected Access).

Unfortunately, WPA is available in several flavors and versions; see
the Wi-Fi Alliance website for details.

If your wireless network is set up to ask for authentication using client certificates,
then you can use it with those certificates and keys on your smart card.

For Windows, the built-in Windows WPA client should work well if you have a CSP installed that works with OpenSC.
This is untested; please report your results.

For Linux you can use WPA Supplicant or Xsupplicant with OpenSC.
Smart card support is implemented in both via the PKCS#11 Engine for OpenSSL.

WPA Supplicant

To use WPA Supplicant with smart card authentication you need to compile it with smart card support. Your build configuration file (.config) should include this line:

    # Smartcard support (i.e., private key on a smartcard), e.g., with openssl
    # engine.
    CONFIG_SMARTCARD=y

You also need to edit wpa_supplicant.conf like this:

    # OpenSSL Engine support
    # These options can be used to load OpenSSL engines.
    # make the pkcs11 engine available
    pkcs11_engine_path=/usr/lib/engine/engine_pkcs11.so
    # configure the path to the pkcs11 module required by the pkcs11 engine
    pkcs11_module_path=/usr/lib/engine/opensc-pkcs11.so
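
The engine options above only load the PKCS#11 engine; a network block still has to tell wpa_supplicant to use it. The following is an added example, not taken from the original page or from the OpenSC project, of an EAP-TLS network block with the private key on the card. The SSID, identity, file paths and server name are constructed placeholders, and the `key_id` value assumes a key with id 45 on the card.

```conf
# Added example: EAP-TLS network block using a key held on the smart card.
# All values are constructed placeholders; adapt them to your network.
network={
    ssid="example-corp"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="user@example.org"

    # Verify the authentication server. Without ca_cert the server
    # certificate is not checked, so the client cannot tell the real
    # authentication server from an impostor.
    ca_cert="/etc/cert/ca.pem"
    # Also require the expected server name in the certificate.
    altsubject_match="DNS:radius.example.org"

    # Client certificate (public data, so a plain file is fine).
    client_cert="/etc/cert/user.pem"

    # Private key operations go through the engine loaded by
    # pkcs11_engine_path / pkcs11_module_path in the global section.
    engine=1
    engine_id="pkcs11"
    # Assumption: key with id 45 on the card, in the engine's "id_<hex>" form.
    key_id="id_45"

    # No pin= line: wpa_supplicant then requests the PIN through the
    # control interface instead of keeping it in this file.
}
```

Leaving out `pin=` requires `ctrl_interface` to be set in the global section so that wpa_cli or a GUI can answer the PIN request.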

X Supplicant

It looks like xsupplicant is always compiled with smart card support.

To enable it, edit the xsupplicant.conf config file and look for lines
like these:

    # this section configures the smartcard used with eap-tls
    # for now the smartcard PIN is handled the same way as the
    # password for a private key
    smartcard {
        # this line actually enables the smartcard and makes xsupplicant use
        # the opensc engine
        engine_id = pkcs11
        # set the path to the engine
        opensc_so_path = "/usr/lib/engine/engine_pkcs11.so"
        # set the key id on the smartcard
        key_id = 45
    }

FIXME: someone should test this and check if it works as advertised.
