** Description changed:
+ * Impact
+
+ Selecting AES-{192,256}-CBC keys to connect isn't working
+
+ * Test case
+
+ 1. Start with a working (cleartext or DES-3) private key/cert for a network.
Set up a connection and verify that everything works.
+ 2. Re-encrypt the key with AES-256 with this command: "openssl rsa -in
working-key.pem -out aes-key.pem -aes256" (the output should have a line
starting with "DEK-Info: AES-256-CBC,")
+ 3. Delete the settings for the test network and attempt to reconnect using
the new key.
+
+ That should work
+
+ * Regression potential
+
+ That's new code for an extra type of keys, it shouldn't impact existing
+ options
+
+ --------------
+
NetworkManager does not appear to support private keys encrypted with
AES. At the very least, it will not validate such a key in nm-util when
setting up a WPA 802.1x TLS wifi connection.
-
- To test:
-
- 1. Start with a working (cleartext or DES-3) private key/cert for a network.
Set up a connection and verify that everything works.
- 2. Re-encrypt the key with AES-256 with this command: "openssl rsa -in
working-key.pem -out aes-key.pem -aes256" (the output should have a line
starting with "DEK-Info: AES-256-CBC,")
- 3. Delete the settings for the test network and attempt to reconnect using
the new key. Even with the correct passphrase, the "Connect" button will
remain disabled; debugging will determine that nm-util is failing to validate
the private key.
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to network-manager in Ubuntu.
https://bugs.launchpad.net/bugs/942856
Title:
NetworkManager does not support AES-encrypted private keys for WPA
802.1x authentication
Status in NetworkManager:
Confirmed
Status in network-manager package in Ubuntu:
Fix Released
Bug description:
* Impact
Selecting AES-{192,256}-CBC keys to connect isn't working
* Test case
1. Start with a working (cleartext or DES-3) private key/cert for a network.
Set up a connection and verify that everything works.
2. Re-encrypt the key with AES-256 with this command: "openssl rsa -in
working-key.pem -out aes-key.pem -aes256" (the output should have a line
starting with "DEK-Info: AES-256-CBC,")
3. Delete the settings for the test network and attempt to reconnect using
the new key.
That should work
* Regression potential
That's new code for an extra type of keys, it shouldn't impact
existing options
--------------
NetworkManager does not appear to support private keys encrypted with
AES. At the very least, it will not validate such a key in nm-util
when setting up a WPA 802.1x TLS wifi connection.
To manage notifications about this bug go to:
https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
