# WPA2 PSK PSK authentication uses a symmetric encryption which means that the same key and algorrithm used to encrypt the message is used to decrypt it as well. An 802.11 WLAN client will use Open authentication by default. Open authentication uses no keys and doesn't offer end-to-end security. There is no encryption, per-packet authentication or message integrity check. PSK Authentication requires the key to have been shared with the AP and the client before the authentication process starts. The steps to authenticate using PSK are: 1. The client sends an **Authentication Request** to AP 2. The AP then sends a cleartext **challenge phrase** to the client 3. The client encrypts the phrase with the shared key and sends the **encrypted response** it back to the AP 4. The AP decrypts it with the shared key and checks if it matches the original challenge phrase 5. If the phrases match the AP sends an **Authentication Response** to AP 6. The client sends an **Association Request** to the AP 7. The AP sends an **Association Response** to the client 8. A **virtual port is opened** and the client data is now allowed 9. **Data** exchanged between client and AP will be **encrypted** using the same pre-shared key --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://ccie.nyquist.eu/layer-2-technologies/wireless/wireless-authentication/wpa2-psk.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.