Wireshark-users: Re: [Wireshark-users] export the private key on Windows?

From: Sake Blok <sake@xxxxxxxxxx>
Date: Mon, 9 Apr 2007 20:17:59 +0200

On Mon, Apr 09, 2007 at 01:52:21PM -0400, Jeffrey Ross wrote:
> ok, then I'm missing something or doing something wrong.  The key that was
> given to me was in PKCS#12 format and I was provided the password for the
> key.  I then used openssh to convert the key to RSA with the following
> command (on a linux system - FC6):
> 
> openssl pkcs12 -in ./privatekey.p12 -out outkey.pem -nodes -nocerts
> 
> I was asked for the key password and entered it:
> Enter Import Password: <password entered>
> MAC verified OK
> 
> I removed the data before the line that started "BEGIN RSA PRIVATE KEY"
> and used the line in wireshark:
> 10.1.0.3,443,http,d:\capture\outkey.pem
> 
> Where 10.1.0.3 is the IP address of the server that I have the private key
> for.

Sounds about right to me :)
 
> So either I'm still doing something wrong or the administrator has
> provided me with the incorrect key, possible but not likely.
> 
> Any help would be appreciated...

Could you enable ssl-debugging by entering a filename in the 
ssl-protocol-preferences at "SSL debug file"? Are there any
clues in the debug-file? If you need help interpreting, could 
you send the debug-file to the list (or me)?

Just some shortcomings of the decryption-capabilities:
- SSLv2 is not supported 
- Cipher 0x39 (TLS_DHE_RSA_WITH_AES_256_CBC_SHA) is not supported
  by the libraries used by Wireshark and is used for example by firefox

Cheers,


Sake