wpa_passphrase

Generate WPA PSK (pre-shared key)

TLDR

Compute and display the WPA-PSK key for a given SSID reading the passphrase from stdin

$ wpa_passphrase [SSID]

Compute and display WPA-PSK key for a given SSID specifying the passphrase as an argument

$ wpa_passphrase [SSID] [passphrase]

SSID
    Wi-Fi network name (first positional argument)

passphrase
    Plaintext passphrase (second argument or stdin if omitted)

-h, --help
    Display help message

--version
    Print version information

DESCRIPTION

The wpa_passphrase command is a utility from the wpa_supplicant package used to compute a WPA pre-shared key (PSK) hash for Wi-Fi network configuration. It takes an SSID (network name) and a passphrase as input, applying the PBKDF2-HMAC-SHA1 derivation function to produce a 256-bit key in hexadecimal format.

This is particularly useful for wpa_supplicant.conf files, where storing the raw passphrase is insecure. Instead, the hashed PSK is used, enhancing security by avoiding plaintext passphrases in config files. The output is formatted as a ready-to-use network={} block, including both commented raw passphrase and hashed PSK for convenience.

Common use cases include pre-generating keys for headless setups or scripts automating Wi-Fi connections. It supports passphrases of 8-63 ASCII characters or exactly 64 hexadecimal digits (treated as raw key). The command is lightweight, requiring no network interface, and runs entirely locally.

wpa_passphrase

Generate WPA PSK (pre-shared key)

TLDR

SYNOPSIS

PARAMETERS

DESCRIPTION

CAVEATS

EXAMPLE USAGE

OUTPUT FORMAT

HISTORY

SEE ALSO