Export TLS Session keys

asked 2021-11-02 14:27:32 +0000

PCrossley gravatar image

updated 2021-11-02 14:37:42 +0000

grahamb gravatar image

Wireshark has an option file->export TLS session keys

From testing I can see that this either requires the (pre)master key file to be set up OR the pcapng itself must have embedded secrets

So I tried this and don't know why it failed:

set up the TLS (Pre)Master secret file
Browse (and successfully decrypt)  data
 file->export TLS session keys
editcap --inject-secrets tls,<file created by export>  <mypcap>    <newpcap>

When I opened the new file nothing would decrypt If I opened the new file, removed the key file from TLS preferences and then exported keys from the file menu I got the same contents as before (the ones now embedded in the file).

I can therefore see no real use for the file->export TLS session keys What have I missed? Could it be made to work the way I suggest ? Even better could we add an "import TLS session keys" to wireshark so that I don't have to use editcap?

edit retag flag offensive close merge delete