How can I decode TLS that uses DH?

decode
TLS

asked 2018-03-30 15:10:59 +0000

tlemons
3 ●2 ●3 ●4

updated 2018-03-30 16:03:06 +0000

grahamb

flag of United Kingdom of Great Britain and Northern Ireland

23790 ●4 ●950 ●227 https://www.wireshark.org

I regularly capture and analyze exchanges involving data protection applications that use TLS with ECDHE used as the key exchange algorithm. My current task is to decode an exchange that used the cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.

I've read resources like https://sharkfesteurope.wireshark.org... which talk about ways to handle the decoding of DH-based TLS exchanges for a browser like Chrome or Firefox. But how can I decrypt a TLS-protected data stream from something other than a browser? I do have the private key used.

Thanks! tl

edit retag flag offensive close merge delete

add a comment

1 Answer

Sort by » oldest newest most voted

answered 2018-03-30 16:09:07 +0000

grahamb

23790 ●4 ●950 ●227 https://www.wireshark.org

I believe you can't simply decrypt with the master key because that cipher suite supports Forward Secrecy such that the master key is used by both server and client to generate session keys for encryption and decryption requires access to the session key, the master key alone is not sufficient.

This is why decryption of this type of cipher suite requires assistance of the client application to obtain session keys.

edit flag offensive delete link

Comments

Thank you for this explanation!

tlemons ( 2018-03-30 18:54:12 +0000 )edit

add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-03-30 15:10:59 +0000

Seen: 1,193 times

Last updated: Mar 30 '18

How can I decode TLS that uses DH? edit