Feature request: extend nm-setting-8021x to use wpa_supplicant's openssl engine support
wpa_supplicant supports openssl engine for EAPOL based authentication for quite some time already. This includes opensc and pkcs11. tpm2 is wip.
Therefore I suggest to implement support for the following wpa_supplicant.conf network section attributes in nm-setting-8021x:
(from wpa_supplicant/config.c)
{ STRe(pcsc) },
{ STR_KEYe(pin) },
{ STRe(engine_id) },
{ STRe(key_id) },
{ STRe(cert_id) },
{ STRe(ca_cert_id) },
{ STR_KEYe(pin2) },
{ STRe(engine2_id) },
{ STRe(key2_id) },
{ STRe(cert2_id) },
{ STRe(ca_cert2_id) },
{ INTe(engine) },
{ INTe(engine2) },
For the future implementation of tpm2 engine allow for tpm2 in engine_id besides opensc and pkcs11. tpm2 wrapped private keys feature the pem tag: -----BEGIN TSS2 PRIVATE KEY-----
It may be useful also to be able to set the path to the respective libraries in the global wpa_supplicant.conf section opensc_engine_path pkcs11_engine_path pkcs11_so_path tpm2_engine_path
Edited by Gerik