After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 766684 - Unencrypted private keys are insecure error reported even when key is encrypted Edit
Unencrypted private keys are insecure error reported even when key is encrypt...
Status: RESOLVED FIXED
Product: NetworkManager
Classification: Platform
Component: nm-connection-editor
1.2.x
Other Linux
: Normal critical
: ---
Assigned To: NetworkManager maintainer(s)
NetworkManager maintainer(s)
Depends on:
Blocks:
 
 
Reported: 2016-05-19 20:46 UTC by Brandon
Modified: 2016-10-03 19:04 UTC
See Also:
GNOME target: ---
GNOME version: ---

Attachments
test private key (1.70 KB, application/x-x509-ca-cert)
2016-05-20 17:16 UTC, Brandon 		Details

Description Brandon 2016-05-19 20:46:14 UTC 
When trying to add a TLS 802.1x wireless connection to Network Manager there is a part to add the private key for the connection.  The key file cannot be found with the file input box, if you drag an drop the key from Nautilus into the box you can find it but you get the error:

"Unencrypted private keys are insecure
The selected private key does not appear to be protected by a password. This could allow your security credentials to be compromised. Please select a password-protected private key.

My key _IS_ password protected and secure, i have tried using multiple openssl encryption types with no fix.

Found in Ubuntu 16.04 with version 1.2.0 or 1.1.9.  No issue in 15.10 with version 1.0.4.  May be a regression
Comment 1 Brandon 2016-05-19 20:47:22 UTC 
 Downstream bug report:

https://bugs.launchpad.net/network-manager/+bug/1573720
Comment 2 Brandon 2016-05-19 20:49:26 UTC 
$ openssl rsa -in client_key.pem -check
Enter pass phrase for client_key.pem:
RSA key ok
writing RSA key
-----BEGIN RSA PRIVATE KEY-----
<removed>
-----END RSA PRIVATE KEY-----
Comment 3 Thomas Haller 2016-05-20 06:53:52 UTC 
Could you attach a key for that this happens? Obviously, not your real private key, but regenerate a test-key? Thanks.
Comment 4 Brandon 2016-05-20 17:16:24 UTC 
Created attachment 328276 [details]
test private key

I just created this key with the following commands:

$ openssl genrsa -des3 -out test_key.pem 2048
$ openssl rsa -in test_key.pem -outform pem -pubout -out test_cert.pem
Comment 5 Brandon 2016-05-20 17:17:22 UTC 
My real private key doesn't have the Proc-Type or DEK-Info headers but still has issues all the same.
Comment 6 Brandon 2016-05-20 18:11:43 UTC 
Also if I copy the network profile over from a 15.10 Ubuntu machine I still cannot connect.

May 20 12:08:49 strongbad gnome-session[1856]: (nm-applet:2257): libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted == NULL || *out_encrypted == FALSE' failed
Comment 7 Beniamino Galvani 2016-05-20 18:52:25 UTC 
(In reply to Brandon from comment #6)
> May 20 12:08:49 strongbad gnome-session[1856]: (nm-applet:2257):
> libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted ==
> NULL || *out_encrypted == FALSE' failed

This error was fixed by commit:

https://git.gnome.org/browse/network-manager-applet/commit/?id=8e60431a7d6fc4c5545e58464e10b9131cbd3e6a
Comment 8 Brandon 2016-05-20 21:38:04 UTC 
Applying the libnm bug and rebuild the package did allow me to connect.  How ever applying that patch to network-manager-applet still gives me errors above when editing the conneciton.
Comment 9 Brandon 2016-05-20 22:03:59 UTC 
(In reply to Beniamino Galvani from comment #7)
> (In reply to Brandon from comment #6)
> > May 20 12:08:49 strongbad gnome-session[1856]: (nm-applet:2257):
> > libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted ==
> > NULL || *out_encrypted == FALSE' failed
> 
> This error was fixed by commit:
> 
> https://git.gnome.org/browse/network-manager-applet/commit/
> ?id=8e60431a7d6fc4c5545e58464e10b9131cbd3e6a

I applied the libnm patch and I am able to connect to the network.  

However editing it still fails with the same error.  Even after applying the patch mentioned here.
Comment 10 Brandon 2016-05-23 03:29:41 UTC 
What info is needed here?
Comment 11 Beniamino Galvani 2016-05-23 07:52:34 UTC 
(In reply to Brandon from comment #9)
> (In reply to Beniamino Galvani from comment #7)
> > (In reply to Brandon from comment #6)
> > > May 20 12:08:49 strongbad gnome-session[1856]: (nm-applet:2257):
> > > libnm-CRITICAL **: nm_utils_file_is_private_key: assertion 'out_encrypted ==
> > > NULL || *out_encrypted == FALSE' failed
> > 
> > This error was fixed by commit:
> > 
> > https://git.gnome.org/browse/network-manager-applet/commit/
> > ?id=8e60431a7d6fc4c5545e58464e10b9131cbd3e6a
> 
> I applied the libnm patch and I am able to connect to the network.  
> 
> However editing it still fails with the same error.  Even after applying the
> patch mentioned here.

Do you see the same failed assertion? It's strange, each of the libnm and nm-applet patch alone should have fixed it (and they're working here). Can you try with nm-applet 1.2.2?
Comment 12 Mark Michaelis 2016-09-28 06:32:41 UTC 
It works for me with 1.2.2. Changelog says that this issue got fixed:

https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1575614

which seems to be the same as this one (and as the already referenced bug 1573720).

I already added a comment to 1573720:

https://bugs.launchpad.net/ubuntu/+source/network-manager/+bug/1573720/comments/14

which states that I had to do two things: Update network-manager to 1.2.2 AND update the BIOS of my machine (Dell Precision 5510). Now secure WLAN is alive and kicking.
Comment 13 Thomas Haller 2016-10-03 19:04:11 UTC 
it's unclear (to me) whether the issue is still present.

If I understand correctly, it's fixed now.

Closing this bug, if the issue still exists with recent versions, please reopen and provide details. Thanks.