Ask Your Question
0

unable to decrypt ssl with server private key

asked 2018-04-24 15:36:52 +0000

lanette gravatar image

Hi, I have generated the private key according to https://aboutssl.org/how-to-create-an... then I use the generated privandpub.key as key file in RSA key lists. However my application data is still encrypted. Below is my ssldebug log. Could someone please guide me through this? Thanks in advance.

Wireshark SSL debug log 

Wireshark version: 2.4.6 (v2.4.6-0-ge2f395aa12)
GnuTLS version:    3.4.11
Libgcrypt version: 1.7.6

KeyID[20]:
| 92 40 4a 81 c7 01 8d 55 d6 e4 30 aa 38 7f 6a e4 |[email protected].|
| 38 49 53 7e                                     |8IS~            |
ssl_load_key: swapping p and q parameters and recomputing u
ssl_init private key file D:/vbshare/priv_and_pub.key successfully loaded.
ssl_init port '2225' filename 'D:/vbshare/priv_and_pub.key' password(only for p12 file) ''
association_add ssl.port port 2225 handle 000001F79C737100

dissect_ssl enter frame #14 (first time)
packet_from_server: is from server - FALSE
  conversation = 000001F7A3638AF0, ssl_session = 000001F7A3639560
  record: offset = 0, reported_length_remaining = 517
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 512, ssl state 0x00
packet_from_server: is from server - FALSE
decrypt_ssl3_record: using client decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 1 offset 5 length 508 bytes, remaining 517 
Calculating hash with offset 5 512
ssl_dissect_hnd_hello_common found CLIENT RANDOM -> state 0x01

dissect_ssl enter frame #15 (first time)
packet_from_server: is from server - TRUE
  conversation = 000001F7A3638AF0, ssl_session = 000001F7A3639560
  record: offset = 0, reported_length_remaining = 1349
ssl_try_set_version found version 0x0303 -> state 0x91
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 61, ssl state 0x91
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 2 offset 5 length 57 bytes, remaining 66 
ssl_try_set_version found version 0x0303 -> state 0x91
Calculating hash with offset 5 61
ssl_dissect_hnd_hello_common found SERVER RANDOM -> state 0x93
ssl_set_cipher found CIPHER 0xC02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -> state 0x97
ssl_load_keyfile dtls/ssl.keylog_file is not configured!
tls13_change_key TLS version 0x303 is not 1.3
tls13_change_key TLS version 0x303 is not 1.3
  record: offset = 66, reported_length_remaining = 1283
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 931, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 11 offset 71 length 927 bytes, remaining 1002 
Calculating hash with offset 71 931
lookup(KeyID)[20]:
| 92 40 4a 81 c7 01 8d 55 d6 e4 30 aa 38 7f 6a e4 |[email protected].|
| 38 49 53 7e                                     |8IS~            |
ssl_find_private_key_by_pubkey: lookup result: 000001F79CB37B40
  record: offset = 1002, reported_length_remaining = 347
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 333, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 12 offset 1007 length 329 bytes, remaining 1340 
Calculating hash with offset 1007 333
  record: offset = 1340, reported_length_remaining = 9
dissect_ssl3_record: content_type 22 Handshake
decrypt_ssl3_record: app_data len 4, ssl state 0x97
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
dissect_ssl3_handshake iteration 1 type 14 offset 1345 length 0 bytes, remaining 1349 
Calculating hash with offset 1345 4

dissect_ssl enter frame ...
(more)
edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-04-24 15:48:03 +0000

grahamb gravatar image

From the log:

ssl_set_cipher found CIPHER 0xC02F TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256

The cipher used for the connection uses DH key exchange, so the private key is of no use. You need the pre-master key from either the client or the server.

See the Wireshark wiki on decrypting SSL connections.

edit flag offensive delete link more

Comments

Hi @grahamb, thanks for the pointer. I am following this walkthrough to get the SSLKEYLOGFILE, but it doesn't seem to be exported when I start chrome. I'm using windows 10.

lanette gravatar imagelanette ( 2018-04-25 08:49:26 +0000 )edit

What have you set the SSLKEYLOGFILE environment variable to?

grahamb gravatar imagegrahamb ( 2018-04-25 09:22:40 +0000 )edit

I am setting the SSLKEYLOGFILE to D:\myfolder\ssl.txt under both user and system variable, strangely, this is working on my windows 7 machine but not windows 10. Also I am planning to decrypt the tls traffic from my android app, is it possible?

lanette gravatar imagelanette ( 2018-04-25 14:45:01 +0000 )edit

Is the Chrome version the same on both machines?

grahamb gravatar imagegrahamb ( 2018-04-25 15:07:13 +0000 )edit

No, my windows 7's is 66 and my windows 10's 65.

lanette gravatar imagelanette ( 2018-04-26 01:56:53 +0000 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-04-24 15:36:52 +0000

Seen: 3,160 times

Last updated: Apr 24 '18