View Issue Details

IDProjectCategoryView StatusLast Update
0015797CentOS-7NetworkManagerpublic2019-02-16 01:44
Reportervessokolev 
PrioritynormalSeverityfeatureReproducibilityalways
Status newResolutionopen 
Product Version7.6.1810 
Target VersionFixed in Version 
Summary0015797: NetworkManager cannot use ECC keys with EAP-TLS 802.1x wifi profiles (invalid private key)
Descriptionnmcli responds with the error:

Error: failed to modify 802-1x.private-key: 802-1x.private-key: invalid private key.

to any attempt made for creating EAP-TLS 802.1x WiFi profile, based on Elliptic Curves keys. The GTK interface does not show any error, but keeps the "Connect" button inactive if ECC keys are loaded. That happen regardless the storage format of the ECC keys (encrypted or not).

The same problem can be observed in Ubuntu and Debian. It seems to be a general problem of the upstream code, but it is not easy to find anything related to that on their web page.
Steps To Reproduce$ sudo nmcli connection add type wifi con-name "eduroam" ifname wlan0 ssid "eduroam" -- wifi-sec.key-mgmt wpa-eap 802-1x.eap tls 802-1x.ca-cert /home/username/eduroam/ecc_ca.crt 802-1x.identity anonymous@example.com 802-1x.phase2-ca-path /home/username/eduroam/ecc_ca.crt 802-1x.client-cert /home/username/eduroam/ecc_user.crt 802-1x.private-key /home/username/eduroam/ecc_user.key 802-1x.phase2-private-key-password "some_password"
Additional InformationThe key (/home/username/eduroam/ecc_user.key) is in PEM format (some lines are removed from the key block down bellow):

-----BEGIN EC PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CFB,FE84E6F4F667CECE9186E27185EF8961

CgzP83FFbCmTx0wcDC/vVo5PhMBWzmNg4LgwYhc2er8Gcgg8f7/MuWRmS0GXRmGF
...
...
XCsxdkIUY2UJ+irBkg/a4f/KGoB6bu4=
-----END EC PRIVATE KEY-----

Tags"Network", "wireless", centos 7, NetworkManager
abrt_hash
URL

Activities

vessokolev

vessokolev

2019-02-16 01:44

reporter   ~0033848

Seems like NetworkManager team switched to PKCS#12 files, when user certificates/keys are to be part of the authentication process. More here: https://vessokolev.blogspot.com/2019/02/using-ecc-keys-with-networkmanager-for.html

Issue History

Date Modified Username Field Change
2019-02-07 21:37 vessokolev New Issue
2019-02-07 21:37 vessokolev Tag Attached: "Network"
2019-02-07 21:37 vessokolev Tag Attached: "wireless"
2019-02-07 21:37 vessokolev Tag Attached: centos 7
2019-02-07 21:37 vessokolev Tag Attached: NetworkManager
2019-02-16 01:44 vessokolev Note Added: 0033848