Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] SSL decryption -- RSA Key format

From: Vijay Sitaram <vjatfugen@xxxxxxxxx>
Date: Fri, 27 Oct 2006 16:11:52 -0700 (PDT)
Are you using Wireshark or the command line 'tshark' for this decryption?  I have been trying to decrypt SSL traffic for the last couple of weeks but have not been successful as of yet.
 
    Here are the steps to export an IIS certificate to a private key file:
  1. Click on View Certificate under Directory Security tab (when viewing the Defaul Web Site Properties).
  2. Click on Details tab and Copy To File�
  3. Click on Next for the Certificate Export wizard.
  4. Choose Yes under Export Private Key option and click on Next.
  5. Uncheck Enable strong protection option and click on Next.
  6. Click on Next on the password dialog (don't enter a password).
  7. Enter a file name such as C:\Temp\www.something.com-w3svc.pfx and click on Next.
  8. Click on Finish and Click on OK.
  9. Copy the exported file to a machine running OpenSSL and execute the following command:
  10. openssl pkcs12 -in /path/to/www.something.com-w3svc.pfx -out /path/to/www.something.com-w3svc-Key.pem -nodes -nocerts
   In theory you should then be able to use a command such as the follows to decrypt SSL traffic:
tshark -V -r rsasnakeoil2.cap -o "ssl.keys_list: 127.0.0.1,443,http,/path/to/snakeoil2/rsasnakeoil2.key" -o "ssl.debug_file: /path/to/snakeoil2/ssldebug.txt" > output.txt

  Please let share your experiences if your decryption attempts are successfull.
 
  Kind regards,
 
Vijay
"Kukosa, Tomas" <tomas.kukosa@xxxxxxxxxxx> wrote:
I am not sure now if it is PKCS#8 but it has to be saved as only unencrypted privete key in PEM format.

Regards,
Tomas

________________________________

Od: wireshark-users-bounces@xxxxxxxxxxxxx za u�ivatele Baker, Brian
Odesl�no: p� 27.10.2006 17:33
Komu: wireshark-users@xxxxxxxxxxxxx
P�edm�t: [Wireshark-users] SSL decryption -- RSA Key format


I have just run in to the first situation where I've needed to use Wireshark's SSL decryption feature. I want to know what format the RSA key file needs to be in? Is this PKCS#8 (private key only)?

I'm working from an IIS server, which I understand can export to PKCS#12. I've also seen some tutorials online for using OpenSSL to convert it into the PKCS#8 format. I just wanted to check if that was a necessary step or not.

Thanks,
Brian Baker
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users


We have the perfect Group for you. Check out the handy changes to Yahoo! Groups.