# WPA2 PSK

PSK authentication uses a symmetric encryption which means that the same key and algorrithm used to encrypt the message is used to decrypt it as well. 

An 802.11 WLAN client will use Open authentication by default. Open authentication uses no keys and doesn't offer end-to-end security. There is no encryption, per-packet authentication or message integrity check. 

PSK Authentication requires the key to have been shared with the AP and the client before the authentication process starts. The steps to authenticate using PSK are:

1. The client sends an **Authentication Request** to AP
2. The AP then sends a cleartext **challenge phrase** to the client
3. The client encrypts the phrase with the shared key and sends the **encrypted response** it back to the AP
4. The AP decrypts it with the shared key and checks if it matches the original challenge phrase
5. If the phrases match the AP sends an **Authentication Response** to AP
6. The client sends an **Association Request** to the AP
7. The AP sends an **Association Response** to the client
8. A **virtual port is opened** and the client data is now allowed
9. **Data** exchanged between client and AP will be **encrypted** using the same pre-shared key