
Encrypted passwords for NetworkManager

September 23, 2019 — BarryK

EDITED 2019-09-24

NetworkManager defaults to storing passwords in plain text. This has been the case for all of the network management tools used in Puppy and Quirky and Easy, except, I think, UltraSNS. I want to take that extra security step and encrypt passwords.

The security interactions with NetworkManager are devious. Gnome-keyring can be used to encrypt passwords; however, when nm-applet is used to set up a wifi connection, the password is stored in plain text.

The user has to then choose to edit the connection in nm-applet, and the password can be changed to encrypted. Having to perform that extra manual step is so weird. I googled and googled, could not find any way for the first setup of a connection to default to encrypted. So weird.

A connection is stored in a file in /etc/NetworkManager/system-connections, and each file will have a section like this:

[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=mywifipassword

It can be changed to encrypted via the nm-applet GUI; however, I also found that it can be done from the command line:

# nmcli connection modify "${ID}" wifi-sec.psk-flags "1"

Where $ID is an identifier that is found in the above-mentioned connection file.

However, for this to work, 'gnome-keyring-daemon' has to be running, and gnome-keyring has to be unlocked, which requires a password. This was tricky to set up so that it uses the same password that you enter at bootup, and doesn't ask again.
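An added example, not from the original post or from WoofQ: a shell audit that lists the connection files still holding a plain-text psk= line and prints the nmcli command shown above for each one. It assumes $ID is the id= key in the file's [connection] section; the function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find NetworkManager keyfiles that still store a plain-text PSK.

# Print the connection id of every keyfile in directory $1 whose
# [wifi-security] section contains a psk= line (psk-flags= does not match).
find_plaintext_psk() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk '
            /^\[/ { section = $0; next }
            section == "[connection]"    && /^id=/  { id = substr($0, 4) }
            section == "[wifi-security]" && /^psk=/ { found = 1 }
            END { if (found) print id }
        ' "$f"
    done
}

# Print the nmcli command from the post for each affected connection.
suggest_fix() {
    find_plaintext_psk "$1" | while IFS= read -r id; do
        printf 'nmcli connection modify "%s" wifi-sec.psk-flags "1"\n' "$id"
    done
}

# Constructed sample keyfiles: one plain-text, one already agent-owned.
write_samples() {
    cat > "$1/home.nmconnection" <<'EOF'
[connection]
id=HomeWifi
type=wifi

[wifi-security]
auth-alg=open
key-mgmt=wpa-psk
psk=mywifipassword
EOF
    cat > "$1/office.nmconnection" <<'EOF'
[connection]
id=OfficeWifi
type=wifi

[wifi-security]
key-mgmt=wpa-psk
psk-flags=1
EOF
}
```

On a real system, run `suggest_fix /etc/NetworkManager/system-connections` as root, since the connection files are normally readable only by root.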

These are the files that I modified in 'rootfs-skeleton' in WoofQ:

etc/rc.d/rc.sysinit
usr/sbin/nm-setup

Also these in WoofQ:

init script in the initrd
3buildeasydistro

There are comments in the scripts with "190923" date identification. 

Tags: easy