Re: Wireless Keys stored unencrypted?

[Darren Albers <dalbers gmail com>]

On Tue, Jun 21, 2011 at 7:24 PM, Darren Albers <dalbers gmail com> wrote:
> On Tue, Jun 21, 2011 at 12:27 PM, Jirka Klimes <jklimes redhat com> wrote:
>> On Tuesday 21 of June 2011 14:04:58 Darren Albers wrote:
>>> On Tue, Jun 21, 2011 at 1:08 AM, Dan Williams <dcbw redhat com> wrote:
>>> > On Mon, 2011-06-20 at 17:18 +0530, Ritesh Khadgaray wrote:
>>> >> Hi
>>> >>
>>> >> On Sat, Jun 18, 2011 at 7:57 AM, Darren Albers <dalbers gmail com> wrote:
>>> >> > While doing some research I noticed that wireless keys are located
>>> >> > unencrypted in /etc/sysconfig/network-scripts  It even does this when
>>> >> > I set the wireless to not be a system-connection.   It used to be that
>>> >> > wireless keys were stored in the keyring which seems much safer to me
>>> >> > than storing them locally unencrypted.
>>> >>
>>> >> interesting, I am not an nm developer but this seems to stem from
>>> >> keyfile plugin and relies on file selinux label/permission for
>>> >> protection.
>>> >>
>>> >> I also do not  see an option to not save the password.
>>> >
>>> > Correct, the passwords are not encrypted because there is no user
>>> > available to provide passwords.  The passwords are, however, only
>>> > visible too 'root' and thus should be protected; if your root user is
>>> > compromised you're hosed.  This is also how existing system have worked
>>> > for years, so NM certainly isn't a regression here.
>>> >
>>> > You can also opt to keep your secrets in the user keyring, which is
>>> > accomplished by "secret flags".  For example, if you set 'psk-flags=0x1'
>>> > in the keyfile for a WPA-PSK connection, then NM will ask a user agent
>>> > (like nm-applet) for the password instead of keeping it in /etc.  This
>>> > option is only exposed for 802.1x and LEAP passwords though (via the
>>> > "Always ask for this password" checkbox) because only those password
>>> > types are really personal passwords; a WPA-PSK or WEP key really isn't
>>> > personal.
>>> >
>>> > VPN connections also default to having secrets owned by the user's
>>> > session in a keyring.
>>> >
>>> > Dan
>>>
>>> Thank you Dan!   It sounds like I am incorrect but I used to recall
>>> that if a connection was not a system connection that the key would be
>>> stored in the keyring and that was the default.  Is that not the case
>>> any longer?
>>>
>>
>> With NM 0.9 we get rid of user connections, so we have just system connections
>> (stored and managed by NM itself). And connection visibility only for some
>> users is obtained via permissions in every connection (see USERS= in ifcfg
>> files).
>> As far as secrets are concerned, there are now "Secret Propery Flags" flags
>> saying where the password is stored; see
>> http://projects.gnome.org/NetworkManager/developers/migrating-to-09/secrets-
>> flags.html
>> By default, secrets are stored by NM (flag 0x00). But, as Dan said, for certain
>> connection types (like VPN), the password is rather stored by the client (in a
>> keyring) by default.
>>
>> Jirka
>>
>
> Jirka,
>
> Thank you for the detailed reply, so if I want to tell NM to store my
> password as Agent-Owned for my wpa-psk connection how would I do that?
>  I tried playing with the various ifcfg settings for my wireless and
> nothing I did seemed to force it to use the option 0x1 to ask the
> agent.   Should this setting be placed in the keyfile or in ifcfg?
> The link you sent indicates the dbus commands to send which don't seem
> to match up with the options in either the keyfile or ifcfg so I even
> tried psk_flags and psk-flags and similar variations.   The
> documentation has this:
> psk-flags  uint32  0    Flags indicating how to handle the WPA PSK key.
> (see the section called “Secret flag types” for flag values)
>
> I assume that is the correct attribute to set?
>
> Thank you!
>

Ok I think I figured out the keyfile format via a bit of trial and
error.   Sorry for the noise!