tieto team mailing list archive

Thread
Date
[Bug 1339607] Re: "Unencrypted private keys are insecure" message is vague and unhelpful

To: tieto@xxxxxxxxxxxxxxxxxxx
From: franzb <1339607@xxxxxxxxxxxxxxxxxx>
Date: Wed, 08 Jun 2016 07:01:42 -0000
Reply-to: Bug 1339607 <1339607@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx
Can confirm the regression for 16.04. Network manager started to
complain about private key not beeing password protected but it
definitely is.  I tried it with a freshly created key with password to
no avail.

-- 
You received this bug notification because you are a member of Tieto,
which is subscribed to the bug report.
https://bugs.launchpad.net/bugs/1339607

Title:
  "Unencrypted private keys are insecure" message is vague and unhelpful

Status in network-manager-applet package in Ubuntu:
  Confirmed

Bug description:
  Steps to reproduce:
  1. Set up a wireless connection with WPA security and an unencrypted private key.
  2. Make sure Network Manager will connect as soon as the wireless network is available.
  2. Reboot the computer.

  What happens:
  Network manager will connect to the network during boot. If it completes before login, you are presented with the following message:

  > Unencrypted private keys are insecure
  > The selected private key does not appear to be protected by a password.  This could allow your security credentials to be compromised.  Please select a password-protected private key.
  > 
  > (You can password-protect your private key with openssl)

  This message is really uninformative and unhelpful for many reasons:
  * It does not tell me which program/key is the problem. Initially I though that the problem had to do with one of my SSH keys. I had to grep the message in /usr/bin in order to understand who was showing it.
  * It does not tell why exactly unencrypted keys are insecure. In fact, someone might say they aren't.
  * It does not tell how to encrypt them. "You can password-protect your private key with openssl" does not mean anything, even to a person who knows what OpenSSL is.

  TL;DR: you are warned about a problem which does not exist, without
  being told what it is and how to solve it.

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: network-manager-gnome 0.9.8.8-0ubuntu4.2
  ProcVersionSignature: Ubuntu 3.13.0-31.55-generic 3.13.11.4
  Uname: Linux 3.13.0-31-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.2
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Wed Jul  9 10:51:28 2014
  IfupdownConfig:
   # interfaces(5) file used by ifup(8) and ifdown(8)
   auto lo
   iface lo inet loopback
  InstallationDate: Installed on 2013-10-23 (258 days ago)
  InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64 (20131016.1)
  IpRoute:
   default via 10.169.169.254 dev wlan0  proto static 
   10.0.3.0/24 dev lxcbr0  proto kernel  scope link  src 10.0.3.1 
   10.169.169.0/24 dev wlan0  proto kernel  scope link  src 10.169.169.100  metric 9 
   192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1
  NetworkManager.state:
   [main]
   NetworkingEnabled=true
   WirelessEnabled=true
   WWANEnabled=true
   WimaxEnabled=true
  SourcePackage: network-manager-applet
  UpgradeStatus: Upgraded to trusty on 2014-03-25 (105 days ago)
  nmcli-dev:
   DEVICE     TYPE              STATE         DBUS-PATH                                  
   eth0       802-3-ethernet    unavailable   /org/freedesktop/NetworkManager/Devices/1  
   wlan0      802-11-wireless   connected     /org/freedesktop/NetworkManager/Devices/0
  nmcli-nm:
   RUNNING         VERSION    STATE           NET-ENABLED   WIFI-HARDWARE   WIFI       WWAN-HARDWARE   WWAN      
   running         0.9.8.8    connected       enabled       enabled         enabled    enabled         disabled

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1339607/+subscriptions