Wireshark-users: Re: [Wireshark-users] 256 pre master encrypted key

From: Sake Blok <sake@xxxxxxxxxx>
Date: Thu, 11 Mar 2010 13:15:23 +0100
On 11 mrt 2010, at 11:11, junk@xxxxxxxxx wrote:

>> On 11 mrt 2010, at 10:42, junk@xxxxxxxxx wrote:
>>> ssl_decrypt_pre_master_secret wrong pre_master_secret length (128,
>>> expected 48)
>> This usually means that the private key provided to Wireshark does not
>> match the public key that was present in the certificate that was sent by
>> the server.
> I have the certificate with me but I can't extract the private RSA key
> from it. It's a signer certificate in DER binary format but it doesn't
> have a RSA key.

The private key is *never* in the certificate, it's the counterpart of a certificate. The signers certificate should contain a public key. This public key can be used to verify the signature in the certificate which was signed by the signers certificate. As it was signed by the private key that matches the public key in the signers certificate.

You might want to take a look at the "SSL troubleshooting" presentation I gave at Sharkfest last year, it should clear things up a bit :-)

Powerpoint: https://www.cacetech.com/sharkfest.09/AU2_Blok_SSL_Troubleshooting_with_Wireshark_and_Tshark.pps
Video:  http://www.lovemytool.com/blog/2009/06/sake_blok_11.html