You can't have encryption without some type of passphrase.
Your options are:
1) WPA2-PSK: pre-shared key, users can decrypt each others traffic
2) WPA2-Enterprise, EAP-PEAP-Public: behaves similar to PSK, dynamic encryption
3) WPA2-Enteprise, EAP-PEAP: username/password, dynamic encryption
4) WPA2-Enterprise, EAP-TLS: client certificates, dynamic encryption