8

I exported a wireless network connection profile from a Windows 7 machine correctly connected to a WiFi network with a WPA-TKIP passphrase. The exported xml file shows the correct settings and a keyMaterial node which I can only guess is the encrypted passphrase.

When I take the xml to another Windows 7 computer and import it using netsh wlan add profile filename="WiFi.xml", it correctly adds the profile's SSID and encryption type, but a balloon pops up saying that I need to enter the passphrase.

Is there a way to import the passphrase along with all other settings or am I missing something about adding profiles?

Here is the exported xml with personal information removed:

<?xml version="1.0"?>
<WLANProfile xmlns="http://www.microsoft.com/networking/WLAN/profile/v1">
    <name>[removed]</name>
    <SSIDConfig>
        <SSID>
            <hex>[removed]</hex>
            <name>[removed]</name>
        </SSID>
        <nonBroadcast>false</nonBroadcast>
    </SSIDConfig>
    <connectionType>ESS</connectionType>
    <connectionMode>auto</connectionMode>
    <autoSwitch>false</autoSwitch>
    <MSM>
        <security>
            <authEncryption>
                <authentication>WPAPSK</authentication>
                <encryption>TKIP</encryption>
                <useOneX>false</useOneX>
            </authEncryption>
            <sharedKey>
                <keyType>passPhrase</keyType>
                <protected>true</protected>
                <keyMaterial>[removed]</keyMaterial>
            </sharedKey>
        </security>
    </MSM>
</WLANProfile>

Any help or advice is appreciated. Thanks.

Update: It seems if I export the settings using key=clear, the passphrase is stored in the file unprotected and I can import the file on another computer without issue. I've updated my question to reflect my findings.

matpie
  • 1,650

4 Answers4

10

Just use the key=clear parameter when exporting the profiles.

netsh wlan export profile key=clear

Now the passphrase/key will be stored in the XML file(s) in the clear. When you import the profile (as above), you will not be prompted for a passphrase.

Jason R. Coombs
  • 2,072
3

The problem is that the encrypted password was encrypted with a machine-specific key on the machine you exported the config from. You could import that xml file back into the same machine and it would work just fine. But it won't work on a different machine because the 2nd machine doesn't have the same machine-specific key and can't decrypt the password.

I'm not exactly sure what netsh uses as the machine-specific key or whether its possible to clone it from one system to another.

Ryan Bolger
  • 3,531
3

Ryan is right in that the key has a machine-specific encryption. Here's a solution:

  1. Open your XML file and locate the following line: <protected>true</protected>

  2. Change it to: <protected>false</protected>

  3. Under you will see encrypted line: <keyMaterial>01000000D08C9DDF0115D1118</keyMaterial>

  4. Change it to your key in plain text: <keyMaterial>Yourkey</keyMaterial>

Note: It means that your wireless key will be in clear text and everyone who has access to the file will be able to read your wireless key. But it works!

Siim K
  • 8,062
Tu Pham
  • 31
0

I have succesfully used the Wireless LAN API on my Windows XP machines, hope it helps you too (havent tested on Win7)

EDIT:

I know its weird that its written by a Symantec guy, but what can you do :)

soandos
  • 24,600
  • 29
  • 105
  • 136
Mads Troelsen
  • 1