Ask Your Question
0

Decrypting Application Data with Private Key File

asked 2018-05-14 22:04:28 +0000

cowanjt gravatar image

I captured packets with Wireshark, but during the packet capture session, I did not have access to a private key to decrypt data. I was able to get the private key for the server and add it, but when I look at packets with Application Data, the contents still appears to be encrypted.

I read the following article, and it appears I'm meeting the criteria for decrypting the packets.

Decrypt SSL/TLS Packets

I just wasn't sure if decrypting can be done asynchronously from the packet capture. Is it possible to decrypt application data if the private key is only available after the packet capture session?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted
0

answered 2018-05-15 07:34:37 +0000

grahamb gravatar image

Yes it is, however the capture must include the SSL\TLS handshake and also use an RSA key exchange.

The presentation by @SYN-bit on SSL\TLS Troubleshooting here might help.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

Stats

Asked: 2018-05-14 22:04:28 +0000

Seen: 12,702 times

Last updated: May 15 '18