wpa_supplicant supports large range of security modes and authentication types. Just looking at the reference information of available configuration options may not provide enough high level understanding to select which options are needed. This page provides information about configuring wpa_supplicant and a wizard for generating example configuration files to make it easier to understand different security policies and how they should be configured for wpa_supplicant.
The wizard goes through steps to select suitable options based on your input. An example configuration file is updated at each step. This example can be seen at the bottom of this page.
wpa_supplicant can be used with multiple operating systems and network drivers. Most of the configuration parameters do not depend on this, but some of the parameters may need to be changed based on OS/driver capabilities.
Wireless networks have a "network name" (SSID = Service Set Identifier). This is a sequence of up to 32 characters. This name is used to select which access points (AP) can be used and as such, it must match with the SSID configured for the desired AP.
Some APs allow SSIDs to be "hidden" which requires that the client is specifically searching for the configured to SSID to be able to connect. This may require some additional options in wpa_supplicant configuration, so enable those here by checking "hidden SSID" if your AP is configured to hide the SSID. This may show up as "brodcast SSID disabled" or "hidden SSID" or something similar in the AP configuration. Hidden SSID configuration does not prevent wpa_supplicant from connecting to APs that do not hide SSID, so it can be enabled for all cases.
TODO: write explanation for different modes
TODO: different group cipher for WPA/WPA2
Static WEP keys requires that at least one key is configured. Up to four keys can be configured and one of them needs to be selected to be used for transmitted frames. All configured keys can be used when decrypting received frames.
WEP can be used with different key length. In most cases, either 40-bit or 104-bit keys are used. These key lengths may also be shown as 64-bit and 128-bit in some cases since WEP adds 24-bit initialization vector into the keys. 40-bit keys can be entered as five character string surrounded with double quotation marks, e.g., "abcde". Alternatively, they can be entered as a hex string of ten characters without quotation marks, e.g., 6162636465. Both of these options configure the same key. 104-bit keys are entered similarly, with 13-character text string or 26-character hex string.
wpa_supplicant uses indexes 0 .. 3 for the WEP keys. Some other user interfaces may use indexes 1 .. 4, so this needs to be taken into account when determining which index to use here.
Passphrase (string of 8 to 63 characters) needs to be configured for WPA/WPA2-Personal. This passphrase is then converted into a 256-bit pre-shared key (PSK). Alternatively, a 256-bit PSK can be entered as 64-character hex string into the PSK field. Only one of these options should be used.
TODO: write introduction text for each EAP method
This configuration file can be copied to a text file that wpa_supplicant will then be asked to use with -c<full path to configuration file> command line option.