Wireshark mailing list archives

Re: need help to decrypt SSL packets


From: "Sake Blok" <sake () euronet nl>
Date: Wed, 4 Nov 2009 23:55:41 +0100

Seems you are doing the right thing.

Are you able to decrypt ssl traffic in other tracefiles with other keys? Or was this your first try?

Could you share the output of:

ls -l /tmp/esd.key
ls -l `which wireshark`
ls -l `which openssl`

.. to see whether it could be a permission problem?

And are you able to share the tracefile and key or are they from a production environment?

Cheers,
    Sake
  ----- Original Message ----- 
  From: Arnold Wang 
  To: 'wireshark-users () wireshark org' 
  Sent: Tuesday, November 03, 2009 9:07 PM
  Subject: [Wireshark-users] need help to decrypt SSL packets


  I'm running Wireshark 1.1.3, which comes with Fedora 11. When I tried to decode the captured FTPS traffic, I ran into trouble loading the private key into Wireshark. I got the following error message when I started Wireshark:

  ssl_init keys string:

  10.x.100.25,990,ftps,/tmp/esd.key

  ssl_init found host entry 10.x.100.25,990,ftps,/tmp/esd.key

  ssl_init addr '10.x.100.25' port '990' filename '/tmp/esd.key' password(only for p12 file) '(null)'

  ssl_load_key: can't import pem data

  As far as I can tell, the private key looks OK.

  [awang@mars tmp]$ more esd.key 

  -----BEGIN PRIVATE KEY-----

  MIIJQgIBADANBgkqhkiG9w0BAQEFAASCCSwwggkoAgEAAoICAQDuYd7gPiqjx/+pFfQ0QhHhUBR5

  t8WDrji+N7QEmmULguE+MJiku4de35EjrlR5PkW6voZ+/xpKjNQvqpi6YI/IzBEgS4b61zreBM55

  ..

  paDoKh7nJpUz+PlQ9YuOUtSXuadQMqsqipYY9CygeQD8xZMopfcrb+obifGZrgfP3KYpTT5mUxld

  z/qpPf+Cs+pvgBzzYu4AIaCMG+8lqeS2cD2z8jOavSonRcOfMw==

  -----END PRIVATE KEY-----

  [awang@mars tmp]$ openssl rsa -inform pem -in esd.key -noout -text

  Private-Key: (4096 bit)

  modulus:

      00:ee:61:de:e0:3e:2a:a3:c7:ff:a9:15:f4:34:42:

      11:e1:50:14:79:b7:c5:83:ae:38:be:37:b4:04:9a:

  ..

  What did I miss? 

  Thanks.



------------------------------------------------------------------------------


  ___________________________________________________________________________
  Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
  Archives:    http://www.wireshark.org/lists/wireshark-users
  Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
               mailto:wireshark-users-request () wireshark org?subject=unsubscribe

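The checks requested in the reply (can the key file be read?), together with a look at the PEM label that the key listing shows, as an added example that is not part of the original thread. The function names and result words are made up for this example, and the thread does not say which of these conditions caused "can't import pem data".

```shell
#!/bin/sh
# Pre-flight check for a private key file before pointing a TLS dissector at it.
# Usage: sh keycheck.sh /tmp/esd.key   (script name is hypothetical)

# pem_label FILE -> prints the label of the first PEM "BEGIN" line, if any.
pem_label() {
    sed -n 's/^[[:space:]]*-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1" | head -n 1
}

# check_key FILE -> prints one of:
#   missing | unreadable | not-pem | encrypted | pkcs8 | rsa-traditional | other:<label>
check_key() {
    f=$1
    [ -e "$f" ] || { echo missing; return 1; }
    [ -r "$f" ] || { echo unreadable; return 1; }   # the permission problem asked about
    label=$(pem_label "$f")
    case $label in
        '')                      echo not-pem; return 1 ;;
        'ENCRYPTED PRIVATE KEY') echo encrypted; return 1 ;;
        'RSA PRIVATE KEY')
            # The traditional form can also be passphrase-protected.
            if grep -q '^Proc-Type: 4,ENCRYPTED' "$f"; then
                echo encrypted; return 1
            fi
            echo rsa-traditional ;;
        'PRIVATE KEY')           echo pkcs8 ;;   # the label on the key in the thread
        *)                       echo "other:$label"; return 1 ;;
    esac
}

# loose_perms FILE -> succeeds if group or others have any access bit set,
# which is worth knowing for a private key kept in a shared directory like /tmp.
loose_perms() {
    mode=$(ls -ld "$1" | cut -c5-10)
    [ "$mode" != "------" ]
}

# Report on every file named on the command line.
for f in "$@"; do
    printf '%s: %s' "$f" "$(check_key "$f")"
    if [ -e "$f" ] && loose_perms "$f"; then
        printf ' (group/other access allowed)'
    fi
    printf '\n'
done
```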