# EAP-TLS using private key and certificates via OpenSSL PKCS#11 engine and
# openCryptoki (e.g., with TPM token)
#
# The private key and both certificates are selected by PKCS#11 object ID
# (key_id / cert_id / ca_cert_id below); no key or certificate file paths are
# configured in this example.

# This example uses the following PKCS#11 objects:
# $ pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so -O -l
# Please enter User PIN:
# Private Key Object; RSA
#   label:      rsakey
#   ID:         04
#   Usage:      decrypt, sign, unwrap
# Certificate Object, type = X.509 cert
#   label:      ca
#   ID:         01
# Certificate Object, type = X.509 cert
#   label:      cert
#   ID:         04

# Configure OpenSSL to load the PKCS#11 engine and openCryptoki module.
# Both paths name shared objects that are loaded into the wpa_supplicant
# process, so they should point at files and directories that unprivileged
# users cannot modify.
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
pkcs11_module_path=/usr/lib/opencryptoki/libopencryptoki.so

network={
	ssid="test network"
	key_mgmt=WPA-EAP
	eap=TLS
	identity="User"

	# use OpenSSL PKCS#11 engine for this network
	engine=1
	engine_id="pkcs11"

	# select the private key and certificates based on ID (see pkcs11-tool
	# output above): key_id/cert_id "4" correspond to the objects listed with
	# ID 04 (rsakey, cert) and ca_cert_id "1" to the CA certificate with ID 01
	key_id="4"
	cert_id="4"
	ca_cert_id="1"

	# NOTE(review): the CA certificate is the only server check configured
	# here, so any server certificate issued by that CA would be accepted.
	# Where the CA also issues certificates to other hosts, pin the expected
	# authentication server name as well, e.g. with subject_match,
	# altsubject_match or domain_suffix_match (check which of these your
	# wpa_supplicant version supports). Placeholder value shown:
	#domain_suffix_match="<authentication-server-domain>"

	# set the PIN code; leave this out to configure the PIN to be requested
	# interactively when needed (e.g., via wpa_gui or wpa_cli).
	# A PIN set here is stored in plaintext: anyone who can read this file
	# and reach the token can use the private key, so keep the file readable
	# only by the account that runs wpa_supplicant, or omit the line.
	pin="123456"
}