Wireshark mailing list archives
Re: 256 pre master encrypted key
From: junk () nofan com
Date: Thu, 11 Mar 2010 10:24:25 -0500
Thanks Sake, I've watch you presentation and it was very interesting but in my situation I have a signer certificate (which is shown in the server hello packet with a common name of TEST) which is stored in my computer and issued by the server and only personal certificate (common name=HOD) with private keys stored in my computer. I extracted the private keys from the personal certificate and it seemed it didn't match. I am managing certificates with IBM ikeyman I think it's a bit confusing to me !!! Thanks, Mo
On 11 mrt 2010, at 11:11, junk () nofan com wrote:On 11 mrt 2010, at 10:42, junk () nofan com wrote:ssl_decrypt_pre_master_secret wrong pre_master_secret length (128, expected 48)This usually means that the private key provided to Wireshark does not match the public key that was present in the certificate that was sent by the server.I have the certificate with me but I can't extract the private RSA key from it. It's a signer certificate in DER binary format but it doesn't have a RSA key.The private key is *never* in the certificate, it's the counterpart of a certificate. The signers certificate should contain a public key. This public key can be used to verify the signature in the certificate which was signed by the signers certificate. As it was signed by the private key that matches the public key in the signers certificate. You might want to take a look at the "SSL troubleshooting" presentation I gave at Sharkfest last year, it should clear things up a bit :-) Powerpoint: https://www.cacetech.com/sharkfest.09/AU2_Blok_SSL_Troubleshooting_with_Wireshark_and_Tshark.pps Video: http://www.lovemytool.com/blog/2009/06/sake_blok_11.html Cheers, Sake ___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: http://www.wireshark.org/lists/wireshark-users Unsubscribe: https://wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- 256 pre master encrypted key junk (Mar 11)
- Re: 256 pre master encrypted key Sake Blok (Mar 11)
- Re: 256 pre master encrypted key junk (Mar 11)
- Re: 256 pre master encrypted key Sake Blok (Mar 11)
- Re: 256 pre master encrypted key junk (Mar 11)
- Re: 256 pre master encrypted key Sake Blok (Mar 11)
- Re: 256 pre master encrypted key junk (Mar 13)
- Re: 256 pre master encrypted key junk (Mar 11)
- Re: 256 pre master encrypted key Sake Blok (Mar 11)