Wireshark mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 256 pre master encrypted key

From: junk () nofan com
Date: Thu, 11 Mar 2010 10:24:25 -0500
Thanks Sake,

I've watch you presentation and it was very interesting but in my
situation I have a signer certificate (which is shown in the server hello
packet with a common name of TEST) which is stored in my computer and
issued by the server and only personal certificate (common name=HOD) with
private keys stored in my computer.

I extracted the private keys from the personal certificate and it seemed
it didn't match.

I am managing certificates with IBM ikeyman I think it's a bit confusing
to me !!!

Thanks,
Mo



On 11 mrt 2010, at 11:11, junk () nofan com wrote:


On 11 mrt 2010, at 10:42, junk () nofan com wrote:


ssl_decrypt_pre_master_secret wrong pre_master_secret length (128,
expected 48)


This usually means that the private key provided to Wireshark does not
match the public key that was present in the certificate that was sent
by
the server.


I have the certificate with me but I can't extract the private RSA key
from it. It's a signer certificate in DER binary format but it doesn't
have a RSA key.


The private key is *never* in the certificate, it's the counterpart of a
certificate. The signers certificate should contain a public key. This
public key can be used to verify the signature in the certificate which
was signed by the signers certificate. As it was signed by the private key
that matches the public key in the signers certificate.

You might want to take a look at the "SSL troubleshooting" presentation I
gave at Sharkfest last year, it should clear things up a bit :-)

Powerpoint:
https://www.cacetech.com/sharkfest.09/AU2_Blok_SSL_Troubleshooting_with_Wireshark_and_Tshark.pps
Video:  http://www.lovemytool.com/blog/2009/06/sake_blok_11.html

Cheers,


Sake

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe




___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Previous By Date Next
Previous By Thread Next

Current thread: