wpa_passphrase
Generate WPA PSK (pre-shared key)
TLDR
Compute and display the WPA-PSK key for a given SSID, reading the passphrase from stdin
Compute and display the WPA-PSK key for a given SSID, specifying the passphrase as an argument
SYNOPSIS
wpa_passphrase [ ssid ] [ passphrase ]
PARAMETERS
ssid
The SSID (network name) of the Wi-Fi network. If omitted, it prompts for the SSID.
passphrase
The passphrase or password for the Wi-Fi network. If omitted, it prompts for the passphrase.
DESCRIPTION
The wpa_passphrase command is a utility used to generate a pre-shared key (PSK) for WPA or WPA2 networks from an ASCII passphrase (network password). It takes the SSID (network name) and the passphrase as input and outputs the PSK, which can then be used in the configuration file for wpa_supplicant or other Wi-Fi clients. This command is commonly used for configuring wireless network connections where a plain-text password needs to be converted into a more secure hexadecimal representation suitable for network authentication. It enhances security by never storing the raw password in configuration files, instead storing the output from this tool.
Using wpa_passphrase involves supplying the network SSID (Service Set Identifier) along with the desired passphrase to the command. The command then computes the PSK using a cryptographic hash function and displays the generated key, along with a network configuration block that includes the PSK. This generated block can be pasted directly into the wpa_supplicant configuration file (typically /etc/wpa_supplicant/wpa_supplicant.conf) to enable the wireless connection. The output provides information useful for setting up static configurations for wireless networks in Linux environments.
CAVEATS
The passphrase should be at least 8 characters long for security reasons. Shorter passphrases may be accepted but are highly discouraged. The output of wpa_passphrase includes the plaintext passphrase in a comment for clarity, so be careful where the output is stored.
SECURITY CONSIDERATIONS
While wpa_passphrase generates a more secure PSK than storing the raw passphrase, it is still important to protect the configuration file where the PSK is stored. Ensure that the file has appropriate permissions to prevent unauthorized access. Also, be mindful of the passphrase strength, as it directly affects the security of the wireless network.
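The points from DESCRIPTION, CAVEATS and SECURITY CONSIDERATIONS as an added Python example (not part of wpa_passphrase or of the original page): it derives the PSK the way WPA2-Personal defines it (PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 32 bytes), builds the network block without the plaintext-passphrase comment, and writes it with owner-only permissions. The function names, the 8 to 63 character check taken from the standard, and the sample SSID and passphrase are assumptions for illustration.

```python
import hashlib
import os
import stat


def derive_psk(ssid: str, passphrase: str) -> str:
    """Return the 64-hex-digit PSK for an SSID/passphrase pair."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    ssid_bytes = ssid.encode("utf-8")
    if not 1 <= len(ssid_bytes) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    # PSK = PBKDF2(HMAC-SHA1, passphrase, salt=SSID, 4096 rounds, 256 bits)
    key = hashlib.pbkdf2_hmac("sha1", passphrase.encode("utf-8"),
                              ssid_bytes, 4096, 32)
    return key.hex()


def network_block(ssid: str, passphrase: str) -> str:
    """Build a network block WITHOUT the '#psk="..."' plaintext comment."""
    if '"' in ssid or "\n" in ssid:
        # Refuse characters that would break out of the quoted ssid value.
        raise ValueError("SSID contains a quote or newline")
    psk = derive_psk(ssid, passphrase)
    return 'network={\n\tssid="%s"\n\tpsk=%s\n}\n' % (ssid, psk)


def write_private(path: str, text: str) -> None:
    """Write the block to a file that is mode 0600 from creation onward."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        os.fchmod(fh.fileno(), 0o600)  # also tightens a pre-existing file
        fh.write(text)


def is_private(path: str) -> bool:
    """True if neither group nor others have any access to the file."""
    return stat.S_IMODE(os.stat(path).st_mode) & 0o077 == 0


if __name__ == "__main__":
    # Constructed sample values (SSID/passphrase of the IEEE 802.11i
    # PSK test vector). The PSK alone is enough to join the network,
    # so the file holding it still needs owner-only permissions.
    print(network_block("IEEE", "password"))
```

Run `is_private()` against an existing wpa_supplicant configuration file to check that it is not readable by group or others.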
HISTORY
The wpa_passphrase command was developed as part of the WPA Supplicant project, which started in the early 2000s. It was created to simplify the configuration of WPA-encrypted wireless networks. Before tools like wpa_passphrase became commonplace, manual calculation and configuration of PSKs were complex and prone to errors. The command automates the process of generating the PSK from a human-readable passphrase, significantly improving the usability and security of WPA-based wireless network setups.
SEE ALSO
wpa_supplicant(8), iwconfig(8), iwlist(8)