View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0015797 | CentOS-7 | NetworkManager | public | 2019-02-07 21:37 | 2019-02-16 01:44 |
| Reporter | vessokolev | ||||
| Priority | normal | Severity | feature | Reproducibility | always |
| Status | new | Resolution | open | ||
| Product Version | 7.6.1810 | ||||
| Target Version | Fixed in Version | ||||
| Summary | 0015797: NetworkManager cannot use ECC keys with EAP-TLS 802.1x wifi profiles (invalid private key) | ||||
| Description | nmcli responds with the error: Error: failed to modify 802-1x.private-key: 802-1x.private-key: invalid private key. to any attempt made for creating EAP-TLS 802.1x WiFi profile, based on Elliptic Curves keys. The GTK interface does not show any error, but keeps the "Connect" button inactive if ECC keys are loaded. That happen regardless the storage format of the ECC keys (encrypted or not). The same problem can be observed in Ubuntu and Debian. It seems to be a general problem of the upstream code, but it is not easy to find anything related to that on their web page. | ||||
| Steps To Reproduce | $ sudo nmcli connection add type wifi con-name "eduroam" ifname wlan0 ssid "eduroam" -- wifi-sec.key-mgmt wpa-eap 802-1x.eap tls 802-1x.ca-cert /home/username/eduroam/ecc_ca.crt 802-1x.identity anonymous@example.com 802-1x.phase2-ca-path /home/username/eduroam/ecc_ca.crt 802-1x.client-cert /home/username/eduroam/ecc_user.crt 802-1x.private-key /home/username/eduroam/ecc_user.key 802-1x.phase2-private-key-password "some_password" | ||||
| Additional Information | The key (/home/username/eduroam/ecc_user.key) is in PEM format (some lines are removed from the key block down bellow): -----BEGIN EC PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info: AES-256-CFB,FE84E6F4F667CECE9186E27185EF8961 CgzP83FFbCmTx0wcDC/vVo5PhMBWzmNg4LgwYhc2er8Gcgg8f7/MuWRmS0GXRmGF ... ... XCsxdkIUY2UJ+irBkg/a4f/KGoB6bu4= -----END EC PRIVATE KEY----- | ||||
| Tags | "Network", "wireless", centos 7, NetworkManager | ||||
| abrt_hash | |||||
| URL | |||||
 |
Seems like NetworkManager team switched to PKCS#12 files, when user certificates/keys are to be part of the authentication process. More here: https://vessokolev.blogspot.com/2019/02/using-ecc-keys-with-networkmanager-for.html |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2019-02-07 21:37 | vessokolev | New Issue | |
| 2019-02-07 21:37 | vessokolev | Tag Attached: "Network" | |
| 2019-02-07 21:37 | vessokolev | Tag Attached: "wireless" | |
| 2019-02-07 21:37 | vessokolev | Tag Attached: centos 7 | |
| 2019-02-07 21:37 | vessokolev | Tag Attached: NetworkManager | |
| 2019-02-16 01:44 | vessokolev | Note Added: 0033848 |
