# EAP-TLS using private key and certificates via OpenSSL PKCS#11 engine and # openCryptoki (e.g., with TPM token) # This example uses following PKCS#11 objects: # $ pkcs11-tool --module /usr/lib/opencryptoki/libopencryptoki.so -O -l # Please enter User PIN: # Private Key Object; RSA # label: rsakey # ID: 04 # Usage: decrypt, sign, unwrap # Certificate Object, type = X.509 cert # label: ca # ID: 01 # Certificate Object, type = X.509 cert # label: cert # ID: 04 # Configure OpenSSL to load the PKCS#11 engine and openCryptoki module pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so pkcs11_module_path=/usr/lib/opencryptoki/libopencryptoki.so network={ ssid="test network" key_mgmt=WPA-EAP eap=TLS identity="User" # use OpenSSL PKCS#11 engine for this network engine=1 engine_id="pkcs11" # select the private key and certificates based on ID (see pkcs11-tool # output above) key_id="4" cert_id="4" ca_cert_id="1" # set the PIN code; leave this out to configure the PIN to be requested # interactively when needed (e.g., via wpa_gui or wpa_cli) pin="123456" } |