← All solutions
Arch Linux · Networking

Connecting to Wi-Fi networks with non-ASCII
or Unicode passphrases

When a Wi-Fi password contains special Unicode characters (such as currency symbols or accents), the iNet Wireless Daemon (iwd) rejects it. I resolved this by translating the passphrase into a raw 64-character hexadecimal pre-shared key (PSK).

Arch Linux NetworkManager iwd (iNet Wireless Daemon)
The Challenge

I tried connecting my system to a Wi-Fi network whose passphrase contained a special Unicode character (such as the euro symbol ). Despite typing the correct credentials, the connection request failed immediately.

In NetworkManager, the client repeatedly raised the error Secrets were required, but not provided. Digging into the system logs via journalctl, I found that the underlying backend daemon, iwd, was failing with:

journalctl 
Network.Connect failed: GDBus.Error:net.connman.iwd.InvalidFormat: Argument format is invalid
Root Cause

The iwd backend generates individual network configuration profiles stored inside /var/lib/iwd/<SSID>.psk. The daemon's config parser restricts the Passphrase key to only contain printable ASCII characters (characters between ASCII 32 and 126).

Because multi-byte UTF-8 or Unicode characters fall outside this range, the config validator flags the entry as malformed. When NetworkManager writes the plaintext passphrase directly to the configuration file, iwd refuses to parse it, resulting in the DBus InvalidFormat crash.

The Solution

To work around this limitation, I bypassed storing the plaintext passphrase and generated the raw 64-character hexadecimal pre-shared key (PSK) representation instead. Hex hashes only consist of standard alphanumeric ASCII characters, making them perfectly valid in iwd configuration profiles.

Generate the Hexadecimal PSK Hash

Using the standard utility wpa_passphrase, I calculated the network hash using my SSID and the Unicode password:

bash 
wpa_passphrase "MySSID" "my_password_with_€"
# Output:
# network={
#   ssid="MySSID"
#   #psk="my_password_with_€"
#   psk=aa10d663ebfd16d3d6009ccd6f4f3c74972848afe29672e9f51b313006b7ba04
# }

Inject the Hash into NetworkManager

I replaced the connection profile password in NetworkManager using nmcli. Passing the 64-character hex hash directly forces NetworkManager to write the value as a PreSharedKey entry inside iwd, bypassing the plaintext passphrase validator.

bash 
sudo nmcli connection modify "MySSID" wifi-sec.psk "aa10d663ebfd16d3d6009ccd6f4f3c74972848afe29672e9f51b313006b7ba04"

Reload Connections and Activate the Link

I reloaded the profiles and triggered connection activation:

bash 
sudo nmcli connection reload
nmcli connection up "MySSID"