Hi,
I am implementing a packet parser to capture the application data on wire.
In case of https, the application data is encrypted, usually with TLS1.0
etc. I am keen to get any hint on the approach that I should follow.
* TLS1.0 in brief:
-------------------
I have gone through the RFC of TLS1.0. And below is how it works:
1. Exchange the encryption information, premaster-secret and keys using
public key encryption (hello-messages).
2. Also the Random bytes are exchanged.
3. Generate locally the 'master-secret' using the 'premaster-secret' and
random bytes.
4. Use the 'master-secret' to create below six keys:
client/server write keys (for encrypt/decrypt).
client/server MAC (msg digests for message integrity).
client/server IV (initialization vectors for block ciphers).
* Queries:
-----------
1. How does Wireshark decode https packets currently? Does it also
locally generate the six keys mentioned above?
2. I will have the server private key, but will my parser also have to
perform the steps to generate 'master-secret' and locally generate six keys?
Any pointers will be appreciated.
--
Thanks,
Nilesh
