In general terms a supplicant is a software package installed on an end-user's client device. The device invokes the supplicant and submits credentials to connect the device to a secure network. If the authentication succeeds, the authenticator typically allows the device to connect to the network.

What is a WPA-Supplicant?

WPA supplicant is an implementation of the IEEE 802.11i supplicant for different operating systems like Linux, FreeBSD, Windows etc. The supplicant implements the security protocols and features addressed in the 802.11i standard. They include:

• WPA and full IEEE 802.11i/RSN/WPA2
• WPA-PSK and WPA2-PSK ("WPA-Personal", pre-shared key)
• WPA with EAP ("WPA-Enterprise", for example with RADIUS authentication server)
• Key management for CCMP, TKIP, WEP (both 104/128- and 40/64-bit)
• RSN: PMKSA caching, pre-authentication

Typically, a running instance of wpa_supplicant for a wireless device sends and receives commands to/from the CFG80211 (a Linux kernel component), which in turn communicates with the associated wireless device driver. The CFG80211 is a wireless device configuration manager.  It only communicates with registered 802.11 wireless devices drivers.  It provides a wireless extension (WEXT) and a NL80211 (netlink) communication interfaces for user-space applications. 

Note: The WEXT sub component is currently in maintenance phase and will eventually be deprecated. 

The WPA Supplicant package typically provides three Wi-Fi connection utilities.  They are user-space applications and their primary function is to get a wireless device attached to an access point (or LAN/WLAN).  The applications are:

1. wpa_supplicant
2. wpa_cli
3. wpa_passphrase. 

To assist our customers on how to use the Wi-Fi Protected Access (WPA) supplicant package, we have developed an application note. This application note focuses on the two frequently used applications - wpa_supplicant and wpa_cli. Please download the full version of the document for more information.