Launchpad has imported 2 comments from the remote bug at https://bugzilla.gnome.org/show_bug.cgi?id=670999.
If you reply to an imported comment from within Launchpad, your comment will be sent to the remote bug automatically. Read more about Launchpad's inter-bugtracker facilities at https://help.launchpad.net/InterBugTracking. ------------------------------------------------------------------------ On 2012-02-28T19:55:16+00:00 Walter Mundt wrote: NetworkManager does not appear to support private keys encrypted with AES. At the very least, it will not validate such a key in nm-util when setting up a WPA 802.1x TLS wifi connection. To test via nm-applet: 1. Start with a working (cleartext or DES-3) private key/cert for a network. Set up a connection and verify that everything works. 2. Re-encrypt the key with AES-256 with this command: "openssl rsa -in working-key.pem -out aes-key.pem -aes256" (the output should have a line starting with "DEK-Info: AES-256-CBC,") 3. Delete the settings for the test network and attempt to reconnect using the new key. Even with the correct passphrase, the "Connect" button will remain disabled; debugging output will show that nm-util is failing to validate the private key. Workaround for anyone running into this issue: Re-encrypt your key with DES-3. The incantation is "openssl rsa -in aes-key.pem -out working- key.pem -des3". Reply at: https://bugs.launchpad.net/ubuntu/+source/network- manager/+bug/942856/comments/1 ------------------------------------------------------------------------ On 2012-02-29T19:04:00+00:00 Walter Mundt wrote: Specific version information, as requested on the Ubuntu bug at https://bugs.launchpad.net/network-manager/+bug/942856 and added here in case it's useful upstream: Ubuntu Release: 11.10 network-manager version: 0.9.1.90-0ubuntu5.1 network-manager-gnome version: 0.9.1.90-0ubuntu6 FWIW, based on my cursory examination of the code, the issue does not appear to be introduced by any Ubuntu packages. This may be classifiable as "enhancement" or "wishlist" depending on whether feature parity with openssl is part of the "current feature set" of the application. Based on my searches today, there's no common standard for specifying anything more elaborate than a DES cipher in the DEK-Info header of a PEM file. Still, it would be nice to at least have some kind of error message about the key format being unsupported instead of this case just getting treated as if the key passphrase is always incorrect by the UI. Reply at: https://bugs.launchpad.net/ubuntu/+source/network- manager/+bug/942856/comments/4 ** Changed in: network-manager Status: Unknown => Confirmed ** Changed in: network-manager Importance: Unknown => Wishlist -- You received this bug notification because you are a member of Ubuntu Touch seeded packages, which is subscribed to network-manager in Ubuntu. https://bugs.launchpad.net/bugs/942856 Title: NetworkManager does not support AES-encrypted private keys for WPA 802.1x authentication Status in NetworkManager: Confirmed Status in network-manager package in Ubuntu: Fix Released Status in network-manager source package in Bionic: In Progress Bug description: * Impact Selecting AES-{192,256}-CBC keys to connect isn't working * Test case 1. Start with a working (cleartext or DES-3) private key/cert for a network. Set up a connection and verify that everything works. 2. Re-encrypt the key with AES-256 with this command: "openssl rsa -in working-key.pem -out aes-key.pem -aes256" (the output should have a line starting with "DEK-Info: AES-256-CBC,") 3. Delete the settings for the test network and attempt to reconnect using the new key. That should work * Regression potential That's new code for an extra type of keys, it shouldn't impact existing options -------------- NetworkManager does not appear to support private keys encrypted with AES. At the very least, it will not validate such a key in nm-util when setting up a WPA 802.1x TLS wifi connection. To manage notifications about this bug go to: https://bugs.launchpad.net/network-manager/+bug/942856/+subscriptions -- Mailing list: https://launchpad.net/~touch-packages Post to : touch-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~touch-packages More help : https://help.launchpad.net/ListHelp