GNOME Bugzilla – Bug 766684
Unencrypted private keys are insecure error reported even when key is encrypted Edit
Last modified: 2016-10-03 19:04:11 UTC
When trying to add a TLS 802.1x wireless connection to Network Manager there is a part to add the private key for the connection. The key file cannot be found with the file input box, if you drag an drop the key from Nautilus into the box you can find it but you get the error: "Unencrypted private keys are insecure The selected private key does not appear to be protected by a password. This could allow your security credentials to be compromised. Please select a password-protected private key. My key _IS_ password protected and secure, i have tried using multiple openssl encryption types with no fix. Found in Ubuntu 16.04 with version 1.2.0 or 1.1.9. No issue in 15.10 with version 1.0.4. May be a regression
Downstream bug report: https://bugs.launchpad.net/network-manager/+bug/1573720
$ openssl rsa -in client_key.pem -check Enter pass phrase for client_key.pem: RSA key ok writing RSA key -----BEGIN RSA PRIVATE KEY----- <removed> -----END RSA PRIVATE KEY-----
Could you attach a key for that this happens? Obviously, not your real private key, but regenerate a test-key? Thanks.
Created attachment 328276 [details] test private key I just created this key with the following commands: $ openssl genrsa -des3 -out test_key.pem 2048 $ openssl rsa -in test_key.pem -outform pem -pubout -out test_cert.pem
My real private key doesn't have the Proc-Type or DEK-Info headers but still has issues all the same.
Also if I copy the network profile over from a 15.10 Ubuntu machine I still cannot connect. May 20 12:08:49 strongbad gnome-session[1856]: (nm-applet:2257): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed
(In reply to Brandon from comment #6) > May 20 12:08:49 strongbad gnome-session[1856]: (nm-applet:2257): > libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == > NULL || *out_encrypted == FALSE' failed This error was fixed by commit: https://git.gnome.org/browse/network-manager-applet/commit/?id=8e60431a7d6fc4c5545e58464e10b9131cbd3e6a
Applying the libnm bug and rebuild the package did allow me to connect. How ever applying that patch to network-manager-applet still gives me errors above when editing the conneciton.
(In reply to Beniamino Galvani from comment #7) > (In reply to Brandon from comment #6) > > May 20 12:08:49 strongbad gnome-session[1856]: (nm-applet:2257): > > libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == > > NULL || *out_encrypted == FALSE' failed > > This error was fixed by commit: > > https://git.gnome.org/browse/network-manager-applet/commit/ > ?id=8e60431a7d6fc4c5545e58464e10b9131cbd3e6a I applied the libnm patch and I am able to connect to the network. However editing it still fails with the same error. Even after applying the patch mentioned here.
What info is needed here?
(In reply to Brandon from comment #9) > (In reply to Beniamino Galvani from comment #7) > > (In reply to Brandon from comment #6) > > > May 20 12:08:49 strongbad gnome-session[1856]: (nm-applet:2257): > > > libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == > > > NULL || *out_encrypted == FALSE' failed > > > > This error was fixed by commit: > > > > https://git.gnome.org/browse/network-manager-applet/commit/ > > ?id=8e60431a7d6fc4c5545e58464e10b9131cbd3e6a > > I applied the libnm patch and I am able to connect to the network. > > However editing it still fails with the same error. Even after applying the > patch mentioned here. Do you see the same failed assertion? It's strange, each of the libnm and nm-applet patch alone should have fixed it (and they're working here). Can you try with nm-applet 1.2.2?
It works for me with 1.2.2. Changelog says that this issue got fixed: https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1575614 which seems to be the same as this one (and as the already referenced bug 1573720). I already added a comment to 1573720: https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1573720/comments/14 which states that I had to do two things: Update network-manager to 1.2.2 AND update the BIOS of my machine (Dell Precision 5510). Now secure WLAN is alive and kicking.
it's unclear (to me) whether the issue is still present. If I understand correctly, it's fixed now. Closing this bug, if the issue still exists with recent versions, please reopen and provide details. Thanks.