Decrypting encrypted traffic

asked 2019-07-04 11:44:08 +0000

shyamk4577

Hello;

I have the server certificate and the private key. Further, I also have the encrypted packet capture file that has the complete communication between the client and the server. Will I be able to decrypt it just by following the TLS standards, or do I need anything else?


1 Answer


answered 2019-07-04 11:55:15 +0000

grahamb

See the Wiki page on TLS.

As explained on the page, decrypting traffic using the RSA private key only works in a limited number of cases.

Using the keylogfile method to get per-session secrets works in all cases.


Comments

Thank you for the response!

I have access to the server that the clients connect to, and can execute any piece of code on the server. Will that make any difference?

shyamk4577 ( 2019-07-09 08:29:00 +0000 )

You could force the server config to not allow TLS 1.3 and to not use any ciphers other than RSA ones. Basically the opposite of hardening.

I'm not sure if the server software can be persuaded to write a keylogfile. What are you using on the server?

grahamb ( 2019-07-09 10:59:02 +0000 )
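To check which of the cases from the answer above applies to a capture you own, the ServerHello shows the negotiated version and cipher suite. The following is an added example, not part of the original thread or of Wireshark: the function names, the `RSA_KX` table (a non-exhaustive subset of IANA suite IDs) and the sample records are constructed for illustration.

```python
import struct

# Subset of IANA suites with static RSA key exchange (not exhaustive).
RSA_KX = {0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
          0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
          0x003C: "TLS_RSA_WITH_AES_128_CBC_SHA256",
          0x009C: "TLS_RSA_WITH_AES_128_GCM_SHA256",
          0x009D: "TLS_RSA_WITH_AES_256_GCM_SHA384"}
TLS13_EXT = struct.pack("!HHH", 0x002B, 2, 0x0304)  # supported_versions = TLS 1.3

def parse_server_hello(record: bytes):
    """Return (negotiated_version, cipher_suite) from one raw TLS record."""
    ctype, _, rec_len = struct.unpack_from("!BHH", record, 0)
    if ctype != 0x16 or len(record) < 5 + rec_len or record[5] != 0x02:
        raise ValueError("not a complete ServerHello record")
    body = record[9:5 + rec_len]          # skip record (5) and handshake (4) headers
    version = struct.unpack_from("!H", body, 0)[0]
    pos = 2 + 32                          # legacy_version + random
    pos += 1 + body[pos]                  # session_id
    suite = struct.unpack_from("!H", body, pos)[0]
    pos += 3                              # cipher suite + compression method
    if pos + 2 <= len(body):              # extensions are optional before TLS 1.3
        end = pos + 2 + struct.unpack_from("!H", body, pos)[0]
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack_from("!HH", body, pos)
            if etype == 0x002B and elen == 2:   # TLS 1.3 signals its version here
                version = struct.unpack_from("!H", body, pos + 4)[0]
            pos += 4 + elen
    return version, suite

def rsa_key_decryptable(record: bytes):
    """Return (ok, reason): can the server's RSA key alone decrypt this session?"""
    version, suite = parse_server_hello(record)
    if version >= 0x0304:
        return False, "TLS 1.3 negotiated: use a key log file"
    if suite not in RSA_KX:
        return False, f"suite 0x{suite:04X} not in the static-RSA list: use a key log file"
    return True, f"{RSA_KX[suite]}: RSA key works if the full handshake is in the capture"

def sample_server_hello(suite: int, ext: bytes = b"") -> bytes:
    """Constructed ServerHello record: zero random, empty session id."""
    body = b"\x03\x03" + bytes(32) + b"\x00" + struct.pack("!HBH", suite, 0, len(ext)) + ext
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x03" + struct.pack("!H", len(hs)) + hs

if __name__ == "__main__":
    for args in ((0x009C,), (0xC02F,), (0x1301, TLS13_EXT)):
        print(rsa_key_decryptable(sample_server_hello(*args)))
```

A resumed session skips the RSA key exchange, so even a static-RSA suite needs the original full handshake in the capture.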

Stats

Asked: 2019-07-04 11:44:08 +0000

Seen: 556 times

Last updated: Jul 09 '19