0

Decrypting encrypted traffic

asked 2019-07-04 11:44:08 +0000

shyamk4577
1 ●1 ●1

Hello;

I have the server certificate and the private key. Further, I also have the encrypted packet capture file that has the complete communication between the client and the server. Will I be able to decrypt it just by following the TLS standards, or do I need anything else ?

edit retag flag offensive close merge delete

1 Answer

Sort by » oldest newest most voted

0

answered 2019-07-04 11:55:15 +0000

flag of United Kingdom of Great Britain and Northern Ireland

23835 ●4 ●973 ●227 https://www.wireshark.org

See the Wiki page on TLS.

As explained on the page, decrypting traffic using the RSA private key only works in a limited number of cases.

Using the keylogfile method to get per-session secrets works in all cases.

edit flag offensive delete link

Comments

Thank you for the response !

I have access to the server that the clients connect to, and can execute any piece of code on the server. Will that make any difference ?

shyamk4577 ( 2019-07-09 08:29:00 +0000 )edit

You could force the server config to not allow TLS 1.3 and to not use any ciphers other than RSA ones. Basically the opposite of hardening.

I'm not sure if the server software can be persuaded to write a keylogfile. What are you using on the server?

grahamb ( 2019-07-09 10:59:02 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Question Tools

1 follower

Stats

Asked: 2019-07-04 11:44:08 +0000

Seen: 589 times

Last updated: Jul 09 '19