From: Chris G. <cl...@is...> - 2016-08-03 16:05:40
On Wed, Aug 03, 2016 at 05:09:43PM +0200, Andreas Schwier wrote:
> Dear Chris,
>
> we've recently integrated a SmartCard-HSM with wpa_supplicant using the
> following configuration:
>
> # Configure OpenSSL to load the PKCS#11 engine and openCryptoki module
> pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
> pkcs11_module_path=/usr/local/lib/opensc-pkcs11.so
>
Do these go in the wpa_supplicant.conf file?

> network={
> ssid="hostAP"
> key_mgmt=WPA-EAP
> eap=TLS
> identity="User"
>
> # use OpenSSL PKCS#11 engine for this network
> engine=1
> engine_id="pkcs11"
>
> # select the private key and certificates based on ID (see pkcs11-tool
> # output above)
> key_id="5:1"
> cert_id="5:1"
> #ca_cert_id="1"
>
> # set the PIN code; leave this out to configure the PIN to be requested
> # interactively when needed (e.g., via wpa_gui or wpa_cli)
> pin="875971"
> }
>
> The AP was running hostapd with a PKI-TLS setup.
>
> I got the configuration from the wpa_supplicant/examples directory in
> the source.
>
OK, presumably I use the example given for EAP-SIM instead.

> To use EAP-SIM you need to compile wpa_supplicant with PC/SC support and
> have pcscd installed.
>
Yes, OK. I wish there was an easy way to find out what support is compiled in to a version of wpa_supplicant. I might have a version with EAP-SIM support but there's no way to find out. I have pcscd installed.

Thank you.

--
Chris Green
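The quoted configuration notes that `pin=` can be left out so the PIN is requested interactively. The following is an added example, not part of the message or of wpa_supplicant: a small check that reads a wpa_supplicant.conf and reports, for each network using `engine=1`, whether the token PIN is stored in the file. The sample file, its SSIDs and PIN, and the function names are constructed for illustration.

```python
# Constructed sample modelled on the quoted configuration; the PIN is a placeholder.
SAMPLE_CONF = """\
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
pkcs11_module_path=/usr/local/lib/opensc-pkcs11.so
network={
    ssid="hostAP"
    engine=1
    engine_id="pkcs11"
    key_id="5:1"
    pin="000000"
}
network={
    ssid="hostAP-prompt"
    engine=1
    engine_id="pkcs11"
    key_id="5:1"
}
"""

def parse_conf(text):
    """Split wpa_supplicant.conf text into (global settings, list of network blocks)."""
    settings, networks, current = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments (including commented-out keys)
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif "=" in line:
            key, value = line.split("=", 1)
            target = settings if current is None else current
            target[key.strip()] = value.strip().strip('"')
    return settings, networks

def pin_handling(text):
    """Map each engine-backed network's SSID to 'stored in file' or 'prompted'."""
    _, networks = parse_conf(text)
    return {
        net.get("ssid", "<no ssid>"): "stored in file" if "pin" in net else "prompted"
        for net in networks
        if net.get("engine") == "1"
    }

if __name__ == "__main__":
    for ssid, mode in pin_handling(SAMPLE_CONF).items():
        print(f"{ssid}: PIN {mode}")
```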