How to see the encrypted key in wireshark, during ssl key exchange?

by

You won’t see the encrypted shared-key, it’s not exchanged. You can see the encrypted pre-master secret when using RSA authenticated key exchange. (Note that using Ephemeral Diffie-Hellman isn’t the only reason for not seeing a server key exchange message: it could also use a DH_DSS or DH_RSA cipher suite, but this is unusual as far as I know).

If you follow the instructions about decrypting SSL with Wireshark, use the “SSL debug file” option to store the logs into a file. (Note that the user interface has changed slightly in newer versions of Wireshark, in the way you configure the private key.)

The log files will contain the pre-master secret and the shared keys.

(By the way, you need the server’s private key to do this, of course.)

Using the sample data provided on the Wireshark page, you get:

pre master encrypted[128]:
65 51 2d a6 d4 a7 38 df ac 79 1f 0b d9 b2 61 7d 
73 88 32 d9 f2 62 3a 8b 11 04 75 ca 42 ff 4e d9 
cc b9 fa 86 f3 16 2f 09 73 51 66 aa 29 cd 80 61 
0f e8 13 ce 5b 8e 0a 23 f8 91 5e 5f 54 70 80 8e 
7b 28 ef b6 69 b2 59 85 74 98 e2 7e d8 cc 76 80 
e1 b6 45 4d c7 cd 84 ce b4 52 79 74 cd e6 d7 d1 
9c ad ef 63 6c 0f f7 05 e4 4d 1a d3 cb 9c d2 51 
b5 61 cb ff 7c ee c7 bc 5e 15 a3 f2 52 0f bb 32 

pre master secret[48]:
03 00 ff 84 56 6d a0 fb cc fd c6 c8 20 d5 f0 65 
18 87 b0 44 45 9c e3 92 f0 4d 32 cd 41 85 10 24 
cb 7a b3 01 36 3d 93 27 12 a4 7e 00 29 96 59 d8 

master secret[48]:
1e db 35 95 b8 18 b3 52 58 f3 07 3f e6 af 8a a6 
ab c3 a4 ed 66 3a 46 86 b6 e5 49 2a 7c f7 8c c2 
ac 22 bb 13 15 0f d8 62 a2 39 23 7b c2 ff 28 fb 

key expansion[136]:
11 60 e4 e1 74 e9 a1 cf 67 f9 b7 bc ef bc a7 c7 
b3 f7 33 aa b2 42 d0 1c a6 4e fb e9 9b 13 dd 29 
63 aa 17 1f 47 71 95 71 08 e0 4b 8e e1 da 7b 4a 
5a f3 c2 32 bd e0 a5 82 6d 14 44 3a d6 cb 2d c0 
7d 57 be a8 37 de 5d d9 a1 07 fd 1b 22 71 b9 4b 
7a 1e 0f 70 37 14 97 0a f0 db 98 3b 7b 74 e3 2d 
51 66 2e 31 68 90 ac 6f e6 53 3c c9 5e 48 0c 05 
bc 9f 92 e7 f9 91 98 f5 95 1c c4 bf d9 cb 26 ef 
35 70 5e ad 21 22 3e f6 
Client MAC key[20]:
11 60 e4 e1 74 e9 a1 cf 67 f9 b7 bc ef bc a7 c7 
b3 f7 33 aa 
Server MAC key[20]:
b2 42 d0 1c a6 4e fb e9 9b 13 dd 29 63 aa 17 1f 
47 71 95 71 
Client Write key[32]:
08 e0 4b 8e e1 da 7b 4a 5a f3 c2 32 bd e0 a5 82 
6d 14 44 3a d6 cb 2d c0 7d 57 be a8 37 de 5d d9 
Server Write key[32]:
a1 07 fd 1b 22 71 b9 4b 7a 1e 0f 70 37 14 97 0a 
f0 db 98 3b 7b 74 e3 2d 51 66 2e 31 68 90 ac 6f 
Client Write IV[16]:
e6 53 3c c9 5e 48 0c 05 bc 9f 92 e7 f9 91 98 f5 
Server Write IV[16]:
95 1c c4 bf d9 cb 26 ef 35 70 5e ad 21 22 3e f6

More Related Contents:

  1. decrypt with public key [closed]
  2. SQLite with encryption/password protection
  3. How to choose an AES encryption mode (CBC ECB CTR OCB CFB)?
  4. Which Cipher Suites to enable for SSL Socket?
  5. JavaScript string encryption and decryption?
  6. Using SSL in an iPhone App – Export Compliance
  7. What is the optimal length for user password salt? [closed]
  8. Difference between encoding and encryption
  9. How to use OpenSSL to encrypt/decrypt files?
  10. What is the difference between encrypting and signing in asymmetric encryption? [closed]
  11. RSA Public Key format
  12. What is point of SSL if fiddler 2 can decrypt all calls over HTTPS?
  13. Example of AES using Crypto++ [closed]
  14. encryption/decryption with multiple keys
  15. Secure Online Highscore Lists for Non-Web Games
  16. Should I use an initialization vector (IV) along with my encryption?
  17. How does a cryptographically secure random number generator work?
  18. AES Encryption – Key versus IV
  19. How to implement password protection for individual files?
  20. Switching between HTTP and HTTPS pages with secure session-cookie
  21. Should jwt web token be encrypted?
  22. Enable TLSv1.2 and TLS_RSA_WITH_AES_256_CBC_SHA256 Cipher Suite
  23. SSLHandshakeException: Received fatal alert: handshake_failure when setting ciphers on tomcat 7 server
  24. Which “good” block encryption algorithm has the shortest output?
  25. How to fix curl: (60) SSL certificate: Invalid certificate chain
  26. SSL “Peer Not Authenticated” error with HttpClient 4.1
  27. Error occurred while decoding OAEP padding
  28. Creating .p12 truststore with openssl
  29. Error “Could not load SSL library” on Android with TidHTTP
  30. How can I make Android Volley perform HTTPS request, using a certificate self-signed by an Unknown CA?

Leave a Comment