← Back to team overview

desktop-packages team mailing list archive

[Bug 1339607] Re: "Unencrypted private keys are insecure" message is vague and unhelpful


I can confirm this too.
My private key starts like this:

Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,509FB430BEB25072

And I can add my pass phrase to network manager and it will apply without issues. However, if i restart my machine, it will during the lightdm login complain about that the key is unsafe and unencrypted. 
When i log in the pass phrase is gone and i have to fill it in again.

Description:	Ubuntu 14.04.3 LTS
Linux hostname 3.16.0-50-generic 
network-manager amd64
network-manager-gnome amd64

You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager-applet in Ubuntu.

  "Unencrypted private keys are insecure" message is vague and unhelpful

Status in network-manager-applet package in Ubuntu:

Bug description:
  Steps to reproduce:
  1. Set up a wireless connection with WPA security and an unencrypted private key.
  2. Make sure Network Manager will connect as soon as the wireless network is available.
  2. Reboot the computer.

  What happens:
  Network manager will connect to the network during boot. If it completes before login, you are presented with the following message:

  > Unencrypted private keys are insecure
  > The selected private key does not appear to be protected by a password.  This could allow your security credentials to be compromised.  Please select a password-protected private key.
  > (You can password-protect your private key with openssl)

  This message is really uninformative and unhelpful for many reasons:
  * It does not tell me which program/key is the problem. Initially I though that the problem had to do with one of my SSH keys. I had to grep the message in /usr/bin in order to understand who was showing it.
  * It does not tell why exactly unencrypted keys are insecure. In fact, someone might say they aren't.
  * It does not tell how to encrypt them. "You can password-protect your private key with openssl" does not mean anything, even to a person who knows what OpenSSL is.

  TL;DR: you are warned about a problem which does not exist, without
  being told what it is and how to solve it.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: network-manager-gnome
  ProcVersionSignature: Ubuntu 3.13.0-31.55-generic
  Uname: Linux 3.13.0-31-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Wed Jul  9 10:51:28 2014
   # interfaces(5) file used by ifup(8) and ifdown(8)
   auto lo
   iface lo inet loopback
  InstallationDate: Installed on 2013-10-23 (258 days ago)
  InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016.1)
   default via dev wlan0  proto static dev lxcbr0  proto kernel  scope link  src dev wlan0  proto kernel  scope link  src  metric 9 dev virbr0  proto kernel  scope link  src
  SourcePackage: network-manager-applet
  UpgradeStatus: Upgraded to trusty on 2014-03-25 (105 days ago)
   DEVICE     TYPE              STATE         DBUS-PATH                                  
   eth0       802-3-ethernet    unavailable   /org/freedesktop/NetworkManager/Devices/1  
   wlan0      802-11-wireless   connected     /org/freedesktop/NetworkManager/Devices/0
   running    connected       enabled       enabled         enabled    enabled         disabled

To manage notifications about this bug go to: