On Mon, Apr 09, 2007 at 01:52:21PM -0400, Jeffrey Ross wrote:
> ok, then I'm missing something or doing something wrong. The key that was
> given to me was in PKCS#12 format and I was provided the password for the
> key. I then used openssh to convert the key to RSA with the following
> command (on a linux system - FC6):
>
> openssl pkcs12 -in ./privatekey.p12 -out outkey.pem -nodes -nocerts
>
> I was asked for the key password and entered it:
> Enter Import Password: <password entered>
> MAC verified OK
>
> I removed the data before the line that started "BEGIN RSA PRIVATE KEY"
> and used the line in wireshark:
> 10.1.0.3,443,http,d:\capture\outkey.pem
>
> Where 10.1.0.3 is the IP address of the server that I have the private key
> for.
Sounds about right to me :)
> So either I'm still doing something wrong or the administrator has
> provided me with the incorrect key, possible but not likely.
>
> Any help would be appreciated...
Could you enable ssl-debugging by entering a filename in the
ssl-protocol-preferences at "SSL debug file"? Are there any
clues in the debug-file? If you need help interpreting, could
you send the debug-file to the list (or me)?
Just some shortcomings of the decryption-capabilities:
- SSLv2 is not supported
- Cipher 0x39 (TLS_DHE_RSA_WITH_AES_256_CBC_SHA) is not supported
by the libraries used by Wireshark and is used for example by firefox
Cheers,
Sake