This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

I know the encryption key, what's next?

I was inspecting an HTTPS site and I found the certificate packet, and I found this key in it:

Cipher Suite: TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b)

Is this what I need to decrypt the traffic?

I hope someone could tell me what to do next in a more practical way.

asked 20 Mar '16, 16:42

Mostafa Nafady

edited 20 Mar '16, 16:51


One Answer:

The Certificate packet contains the public key which cannot be used to decrypt traffic.

The mentioned cipher suite uses the Diffie-Hellman algorithm for key exchange, which cannot be decrypted anyway using an RSA private key. If you are interested in browser traffic, have a look at using the SSL keylog method described at https://wiki.wireshark.org/SSL#SSL_dissection_in_Wireshark.

answered 21 Mar '16, 03:07

Lekensteyn

Thanks a lot for clarifying this for me.

(21 Mar '16, 07:52) Mostafa Nafady

If an answer has solved your issue, please accept the answer for the benefit of other users by clicking the checkmark icon next to the answer. Please read the FAQ for more information.

(21 Mar '16, 09:52) grahamb ♦
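
The point made in the answer above, as an added example that is not part of the original thread: it reads the key exchange out of a cipher suite name and checks whether a key log file holds the secret for a given TLS 1.2 session. It assumes the NSS key log format (`CLIENT_RANDOM` lines) that browsers write when `SSLKEYLOGFILE` is set; the function names and the sample data are constructed for illustration.

```python
import re

PAGE_SUITE = "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256"  # suite quoted in the question

def key_exchange(suite):
    """Key-exchange part of a TLS 1.2-style IANA name: TLS_<kx>_WITH_<cipher>."""
    if not suite.startswith("TLS_") or "_WITH_" not in suite:
        raise ValueError(f"not a TLS_<kx>_WITH_<cipher> name: {suite!r}")
    return suite[len("TLS_"):suite.index("_WITH_")]

def decryption_method(suite):
    """Secret a passive capture needs. With RSA key exchange the server's RSA
    private key can recover the session keys; for other key exchanges, such as
    ECDHE, use the per-session secrets from a key log file."""
    return "rsa-private-key-or-keylog" if key_exchange(suite) == "RSA" else "keylog"

# TLS 1.2 key log line: CLIENT_RANDOM <32-byte client random> <48-byte master secret>
KEYLOG_LINE = re.compile(r"^CLIENT_RANDOM ([0-9a-fA-F]{64}) ([0-9a-fA-F]{96})$")

def parse_keylog(text):
    """Map client random (lowercase hex) -> master secret; skip all other lines."""
    secrets = {}
    for line in text.splitlines():
        match = KEYLOG_LINE.match(line.strip())
        if match:
            secrets[match.group(1).lower()] = match.group(2).lower()
    return secrets

def can_decrypt(suite, client_random_hex, keylog_text):
    """True if the key log holds the secret for the session whose ClientHello
    carried this random (TLS 1.2 sessions only)."""
    key_exchange(suite)  # rejects names that are not TLS_<kx>_WITH_<cipher>
    return client_random_hex.lower() in parse_keylog(keylog_text)

# Constructed sample data, not real secrets.
SAMPLE_RANDOM = "ab" * 32
SAMPLE_KEYLOG = (
    "# constructed key log\n"
    f"CLIENT_RANDOM {SAMPLE_RANDOM} {'cd' * 48}\n"
    "CLIENT_RANDOM tooshort 00\n"  # malformed line, ignored by the parser
)

if __name__ == "__main__":
    print(PAGE_SUITE, "->", key_exchange(PAGE_SUITE), "->", decryption_method(PAGE_SUITE))
    print("session in key log:", can_decrypt(PAGE_SUITE, SAMPLE_RANDOM, SAMPLE_KEYLOG))
    print("other session:", can_decrypt(PAGE_SUITE, "00" * 32, SAMPLE_KEYLOG))
```

The client random to look up is the Random field of the ClientHello in the capture; a session whose random is missing from the key log stays encrypted.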