I'm also seeing this issue on xenial. Looking at the source package, the
message is generated in wireless-security/eap-method-tls.c:
/* Warn the user if the private key is unencrypted */
if (!eap_method_is_encrypted_private_key (filename)) {
[...]
gtk_message_dialog_format_secondary_text (GTK_MESSAGE_DIALOG
(dialog),
"%s",
_("The selected
private key does not appear to be protected by a password. This could allow
your security credentials to be compromised. Please select a
password-protected private key.\n\n(You can password-protect your private key
with openssl)"));
[...]
}
However, this is highly misleading, since
eap_method_ins_encrypted_private_key() returns false for various other
reasons, in particular when the file cannot be opened or has the wrong
extension.
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to network-manager-applet in Ubuntu.
https://bugs.launchpad.net/bugs/1339607
Title:
"Unencrypted private keys are insecure" message is vague and unhelpful
Status in network-manager-applet package in Ubuntu:
Confirmed
Bug description:
Steps to reproduce:
1. Set up a wireless connection with WPA security and an unencrypted private
key.
2. Make sure Network Manager will connect as soon as the wireless network is
available.
2. Reboot the computer.
What happens:
Network manager will connect to the network during boot. If it completes
before login, you are presented with the following message:
> Unencrypted private keys are insecure
> The selected private key does not appear to be protected by a password.
This could allow your security credentials to be compromised. Please select a
password-protected private key.
>
> (You can password-protect your private key with openssl)
This message is really uninformative and unhelpful for many reasons:
* It does not tell me which program/key is the problem. Initially I though
that the problem had to do with one of my SSH keys. I had to grep the message
in /usr/bin in order to understand who was showing it.
* It does not tell why exactly unencrypted keys are insecure. In fact,
someone might say they aren't.
* It does not tell how to encrypt them. "You can password-protect your
private key with openssl" does not mean anything, even to a person who knows
what OpenSSL is.
TL;DR: you are warned about a problem which does not exist, without
being told what it is and how to solve it.
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: network-manager-gnome 0.9.8.8-0ubuntu4.2
ProcVersionSignature: Ubuntu 3.13.0-31.55-generic 3.13.11.4
Uname: Linux 3.13.0-31-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Jul 9 10:51:28 2014
IfupdownConfig:
# interfaces(5) file used by ifup(8) and ifdown(8)
auto lo
iface lo inet loopback
InstallationDate: Installed on 2013-10-23 (258 days ago)
InstallationMedia: Ubuntu 13.10 "Saucy Salamander" - Release amd64
(20131016.1)
IpRoute:
default via 10.169.169.254 dev wlan0 proto static
10.0.3.0/24 dev lxcbr0 proto kernel scope link src 10.0.3.1
10.169.169.0/24 dev wlan0 proto kernel scope link src 10.169.169.100
metric 9
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
NetworkManager.state:
[main]
NetworkingEnabled=true
WirelessEnabled=true
WWANEnabled=true
WimaxEnabled=true
SourcePackage: network-manager-applet
UpgradeStatus: Upgraded to trusty on 2014-03-25 (105 days ago)
nmcli-dev:
DEVICE TYPE STATE DBUS-PATH
eth0 802-3-ethernet unavailable
/org/freedesktop/NetworkManager/Devices/1
wlan0 802-11-wireless connected
/org/freedesktop/NetworkManager/Devices/0
nmcli-nm:
RUNNING VERSION STATE NET-ENABLED WIFI-HARDWARE
WIFI WWAN-HARDWARE WWAN
running 0.9.8.8 connected enabled enabled
enabled enabled disabled
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1339607/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
