[Pkg-utopia-maintainers] Bug#818759: Bug#818759: network-manager-gnome: Unencrypted private Keys are insecure

Rolf Wald rolf.wald at germer-wald.de
Mon Mar 21 10:50:36 UTC 2016


Hello Michael Biebl,

Am 20.03.2016 um 23:19 schrieb Michael Biebl:
> Control: notfound -1 1.0.10-1
> Control: found -1 1.1.90-6
> Control: tags -1 + moreinfo
> 
> Am 20.03.2016 um 14:22 schrieb Rolf Wald:
>> Package: network-manager-gnome
>> Version: 1.0.10-1
>> Severity: normal
>> 
>> Dear Maintainer,
>> 
>> 
>>    * What led up to the situation?
>>    Using Keys in secured WLAN causes Message "Unencrypted private Keys are insecure" using Version 1.1.90-6
> 

Sorry if is not clear enough, it my first bug report and somebody of the
debianforum helpt me to make this report.

The Version of network-manager was 1.1.90-6 ( update to 1.1.91-1 shows
the same behaviour), but the version of network-manager-gnome was 1.1.90-3

> What kind of connection is that? WPA-PSK, WPA-Enterprise etc.

It's a connection WPA-Enterprise with TLS Radius Auth.


> Can you attach the corresponding connection file (it can be found in
> /etc/NetworkManager/system-connections/). Make sure to anonymize the
> private bits.
> Where and when do you get this error message?
> 
The problem is only if I want to make a new connection entry or change
an existing entry, then this Window with the Message popped up (several
times). Old entries (made with former versions ) are working correct.
When I want to make a new entry (after closing the popups) :
wpa-enterprise > security > tls I can't fil in a secret key (.p12)
because the open dialog shows no entries. Sometimes when I fill in all
other fields ( username, usercert, cacert) it shows entries, but when I
fill in my secret passphrase, it will not be saved. So new entries does
not function at all.

a working old entry, new entries do not have a private-key-password entry
------
[connection]

          [0/50]
id=killroy
uuid=89fea9ff-b67c-4892-a4cf-d2fd1e267a43
type=wifi
autoconnect=false
interface-name=wlp3s0
permissions=
secondaries=

[wifi]
mac-address=A0:88:xx:xx:5C:B0
mac-address-blacklist=
mac-address-randomization=0
mode=infrastructure
seen-bssids=
ssid=killroy

[wifi-security]
group=
key-mgmt=wpa-eap
pairwise=
proto=

[802-1x]
altsubject-matches=
ca-cert=/home/rwald/xxxxxx/cacertrootchain.pem
client-cert=/home/rwald/xxxxxx/rolfwald-germer-wald-xxxx.p12
eap=tls;
identity=xyz
phase2-altsubject-matches=
private-key=/home/rwald/.pkcs11/rolfwald-germer-wald-xxxx.p12
private-key-password=xxxxxxxxxxxxxx

[ipv4]
dns-search=
method=auto

[ipv6]
addr-gen-mode=stable-privacy
dns-search=
ip6-privacy=0
method=ignore
------

-- 
Mit freundlichen Grüßen (kind regards) Rolf Wald
Burgstr. 6
38385 Ingeleben
No HTML please
S/MIME signed email preferred, encryption wanted

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4157 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-utopia-maintainers/attachments/20160321/13ce5d9e/attachment.bin>


More information about the Pkg-utopia-maintainers mailing list