Wireshark-users: Re: [Wireshark-users] 256 pre master encrypted key

Date: Sat, 13 Mar 2010 06:28:00 -0500
Hello again;

Below is my debug file from a captured SSL session. Is it possible to know
the RSA private key length?



dissect_ssl enter frame #220 (first time)
  conversation = 0xb3f7cb20, ssl_session = 0xb3f7cd70
  record: offset = 0, reported_length_remaining = 267
dissect_ssl3_record: content_type 22
decrypt_ssl3_record: app_data len 262 ssl, state 0x17
association_find: TCP port 3974 found (nil)
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267
pre master encrypted[256]:
ssl_decrypt_pre_master_secret:RSA_private_decrypt
pcry_private_decrypt: stripping 0 bytes, decr_len 128
decrypted_unstrip_pre_master[128]:
ssl_decrypt_pre_master_secret wrong pre_master_secret length (128, expected 48)
dissect_ssl3_handshake can't decrypt pre master secret





> On 11 mrt 2010, at 16:24, junk@xxxxxxxxx wrote:
>
>> I've watched your presentation and it was very interesting, but in my
>> situation I have a signer certificate (which is shown in the server
>> hello packet with a common name of TEST) which is stored in my computer
>> and issued by the server, and only a personal certificate (common
>> name=HOD) with private keys stored in my computer.
>>
>> I extracted the private keys from the personal certificate and it seemed
>> it didn't match.
>
> To be able to decrypt SSL traffic with Wireshark, you need to have the
> private key of the certificate that is presented in the Certificate
> message (which is being sent after the ServerHello). In your case this
> would be the private key of the certificate with the common name of TEST.
> This private key is stored on the server that you make a connection to.
>
>> I am managing certificates with IBM ikeyman; I think it's a bit confusing
>> to me!
>
> I have not used IBM ikeyman, so I can't help you there unfortunately...
>
> Cheers,
>
>
> Sake
>
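
Added example, not part of the original thread: a small Python script that reads the length fields from an SSL debug log like the one in this message. An RSA ciphertext is exactly as long as the modulus of the key it was encrypted to, so the 256-byte encrypted pre-master secret corresponds to a 2048-bit server key; the function name, the sample text and the size-mismatch heuristic are assumptions of this example.

```python
import re

# Constructed sample: the length-bearing lines of the debug log above,
# with the hex dumps omitted.
SAMPLE_LOG = """\
dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267
pre master encrypted[256]:
ssl_decrypt_pre_master_secret:RSA_private_decrypt
pcry_private_decrypt: stripping 0 bytes, decr_len 128
decrypted_unstrip_pre_master[128]:
ssl_decrypt_pre_master_secret wrong pre_master_secret length (128, expected 48)
dissect_ssl3_handshake can't decrypt pre master secret
"""

PATTERNS = {
    "encrypted_len": r"pre master encrypted\[(\d+)\]",
    "decr_len": r"decr_len\s+(\d+)",
    "expected_len": r"wrong pre_master_secret length\s+\(\d+,\s*expected\s+(\d+)\)",
}

def analyze_ssl_debug(log):
    """Extract the RSA-related lengths from a Wireshark SSL debug log (hypothetical helper)."""
    report = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, log)  # \s also matches a mail-wrapped line break
        report[name] = int(m.group(1)) if m else None

    enc, dec = report["encrypted_len"], report["decr_len"]
    # RSA ciphertext length == modulus length of the public key in the server
    # certificate, so the ClientKeyExchange payload reveals that key's size.
    report["server_key_bits"] = enc * 8 if enc is not None else None
    # The "wrong pre_master_secret length" line only appears when decryption
    # did not produce the expected 48-byte secret.
    report["decrypt_failed"] = report["expected_len"] is not None
    # Heuristic (assumption of this example): raw RSA output cannot be longer
    # than the modulus of the private key that was loaded, so output much
    # shorter than the ciphertext hints that a smaller, different key was used.
    report["key_size_mismatch"] = (
        enc is not None and dec is not None and dec < enc - 1
    )
    return report

if __name__ == "__main__":
    for field, value in analyze_ssl_debug(SAMPLE_LOG).items():
        print(f"{field}: {value}")
```

A mismatch reported here is consistent with the reply quoted above: the key that decrypts the session is the private key of the certificate the server presents, not a key from a client-side personal certificate.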