Hi , I have to decrypt the SIP messages on wire shark. I have a phone which is logged in to Lync server and is sending packets when there is communication between the phone and server. Please tell me how i can decrypt the messages. I have a .pem file and have given the serverip,port,sip,<file locatoin=""> in preferences (SSL). Thanks in advance, SL. asked 03 Jul '13, 23:05  Srinivas Lolla |
One Answer:
For SSl decryption to work, you need the private key from the server. A .pem file is usually a certificate, not a private key. Does your .pem file start with something like: If not, it is either not the private key or it is not in the correct format. answered 04 Jul '13, 01:40  SYN-bit ♦♦ |
My Pem file is starts like this ::
Bag Attributes Microsoft Local Key set: <no values=""> localKeyID: 01 00 00 00 friendlyName: le-e965d996-09b2-4b52-8e44-3d62e03b52aa Microsoft CSP Name: Microsoft RSA SChannel Cryptographic Provider Key Attributes X509v3 Key Usage: 10 -----BEGIN ENCRYPTED PRIVATE KEY----- MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQI9Fwi9ruu9SICAggA MBQGCCqGSIb3DQMHBAi30XOn+iUA9ASCBMhza5Nq8lpCluyOc2uz1cx00DWpdMmb TkMRw6Wsx3FfV8NexDYWZ/Zy4efx5Qq1+vx4+Oi1frhlb7AR5+hiZgV6l8pFDOl+
This is a PKCS12 formatted private key with a passphrase. Wireshark is able to read the key if you provide the passphrase too in the SSL RSA Keys list.