
How can I decode TLS that uses DH?

asked 2018-03-30 15:10:59 +0000

tlemons

updated 2018-03-30 16:03:06 +0000

grahamb

I regularly capture and analyze exchanges involving data protection applications that use TLS with ECDHE used as the key exchange algorithm. My current task is to decode an exchange that used the cipher suite TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256.

I've read resources like https://sharkfesteurope.wireshark.org... which talk about ways to handle the decoding of DH-based TLS exchanges for a browser like Chrome or Firefox. But how can I decrypt a TLS-protected data stream from something other than a browser? I do have the private key used.

Thanks! tl


1 Answer


answered 2018-03-30 16:09:07 +0000

grahamb

I believe you can't simply decrypt with the master key because that cipher suite supports Forward Secrecy, such that the master key is used by both server and client to generate session keys for encryption, and decryption requires access to the session key; the master key alone is not sufficient.

This is why decryption of this type of cipher suite requires the assistance of the client application to obtain session keys.


Comments

Thank you for this explanation!

tlemons (2018-03-30 18:54:12 +0000)
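
Added example, not part of the original question or answer: for a non-browser client written in Python, the standard `ssl` module can write per-session secrets in NSS key log format, and the parser below checks whether such a log holds the TLS 1.2 master secret for a given ClientHello random. The function names and sample values are constructed for illustration; a client in another language needs its own TLS library's key-logging hook.

```python
import re
import ssl

# One NSS key log line: <label> <client random, 32 bytes hex> <secret hex>
_LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ([0-9a-fA-F]+)$")


def make_logging_context(keylog_path):
    """Client-side TLS context that appends session secrets to keylog_path."""
    ctx = ssl.create_default_context()
    # Requires Python 3.8+ built against OpenSSL 1.1.1+. The file can decrypt
    # every logged session, so protect it like a private key.
    ctx.keylog_filename = keylog_path
    return ctx


def parse_keylog(text):
    """Map client random (lowercase hex) -> {label: secret hex}."""
    sessions = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _LINE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing the whole log
        label, rand, secret = m.groups()
        sessions.setdefault(rand.lower(), {})[label] = secret.lower()
    return sessions


def can_decrypt_tls12(sessions, client_random_hex):
    """True if the log holds a 48-byte master secret for this ClientHello random."""
    secret = sessions.get(client_random_hex.lower(), {}).get("CLIENT_RANDOM")
    return secret is not None and len(secret) == 96


# Constructed sample values, not taken from any real capture.
SAMPLE_RANDOM = "ab" * 32
SAMPLE_KEYLOG = (
    "# TLS secrets log file (constructed sample)\n"
    f"CLIENT_RANDOM {SAMPLE_RANDOM} {'cd' * 48}\n"
    "CLIENT_RANDOM tooshort 00\n"
)

if __name__ == "__main__":
    logged = parse_keylog(SAMPLE_KEYLOG)
    print(can_decrypt_tls12(logged, SAMPLE_RANDOM))  # session present in the log
    print(can_decrypt_tls12(logged, "ef" * 32))      # session never logged
```

The resulting file is what Wireshark's TLS "(Pre)-Master-Secret log filename" preference expects; `ssl.create_default_context()` also honours the `SSLKEYLOGFILE` environment variable, so an unmodified Python client can often be logged without code changes.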
