This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

decrypt ldap over ssl

0

Hi guys,

I'm unable to decrypt ldaps traffic using Wireshark. My concern is (not sure about it) I have the private key from the Server but when I open it it begins with -----BEGIN PRIVATE KEY----- and not -----BEGIN RSA PRIVATE KEY----- can this cause problems ?

Any help is much appreciated !

Thank you and best regards

Adam

asked 21 Sep '15, 04:38

adasko's gravatar image

adasko
86343842
accept rate: 0%

Also, I was able to decrypt the snakeoil capure file.

(21 Sep '15, 04:41) adasko

One Answer:

1

it it begins with -----BEGIN PRIVATE KEY----- and not -----BEGIN RSA PRIVATE KEY-----

Try to add the string "RSA" to it. What happens then?

can this cause problems ?

yes. You should see that in the SSL debug file

Edit -> Preferences -> Protocols -> SSL -> SSL debug file

If possible, please upload the ssl debug file somewhere and post the link here.

Regards
Kurt

answered 21 Sep '15, 04:51

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

thank you Kurt for you comment ! i did now the following. Used openSSL to convert it the correct format. When I open the new key file now, it says BEGIN RSA PRIVATE KEY but still not able to decrypt the data. Just one more what not sure if is ok. I mean when I open the .key file i get the content inside in one long line , not in rows ....

(21 Sep '15, 05:30) adasko
1

I mean when I open the .key file i get the content inside in one long line , not in rows ....

That does not matter.

Can you please post the ssl debug file. Without that I will have to look into my crystal ball to figure out what's wrong ;-)

(21 Sep '15, 06:09) Kurt Knochner ♦

Hi Kurt! Where can i get one :D ?

I suspect that it's the private key. Customer will provide a new key. For now I consider this to be solved and will mark as resolved. If still issues will report it back !

Thank you and have a great day !

BR Adam

(21 Sep '15, 07:15) adasko

You're welcome!

(21 Sep '15, 09:35) Kurt Knochner ♦