Wireshark-users: [Wireshark-users] 256 pre master encrypted key
From: junk@xxxxxxxxx
Date: Thu, 11 Mar 2010 04:42:18 -0500
Hi all, I am trying to test the security of the connections to our IBM databases. we're using IBM personal communications (it's basically a telnet application but with SSL/TLS security) I have the RSA keys but I would like to know why wireshark can't decrypt the packets from server/client. Here is a dump from the debug file : -------------------- START OF DEBUG ---------------------- ssl_init keys string: 10.10.1.3,7623,http,c:\a.pem ssl_init found host entry 10.10.1.3,7623,http,c:\a.pem ssl_init addr '10.10.1.3' port '7623' filename 'c:\a.pem' password(only for p12 file) '(null)' Private key imported: KeyID 13:D5:98:72:CB:1D:08:4F:CC:75:56:34:66:16:55:F6:... ssl_init private key file c:\a.pem successfully loaded association_add TCP port 7623 protocol http handle 02DD5080 dissect_ssl enter frame #631 (first time) ssl_session_init: initializing ptr 04DE8F48 size 564 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE dissect_ssl server 10.10.1.3:7623 conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 3 dissect_ssl enter frame #632 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 9 dissect_ssl enter frame #633 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 6 dissect_ssl enter frame #634 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 45 client random len: 16 padded to 32 dissect_ssl enter frame #635 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 1085 dissect_ssl3_record found version 0x0301 -> state 0x11 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 1080 ssl, state 0x11 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 2 offset 5 length 70 bytes, remaining 1085 dissect_ssl3_hnd_hello_common found SERVER RANDOM -> state 0x13 dissect_ssl3_hnd_srv_hello found CIPHER 0x0035 -> state 0x17 dissect_ssl3_hnd_srv_hello trying to generate keys ssl_generate_keyring_material not enough data to generate key (0x17 required 0x37 or 0x57) dissect_ssl3_hnd_srv_hello can't generate keyring material dissect_ssl3_handshake iteration 0 type 11 offset 79 length 998 bytes, remaining 1085 dissect_ssl3_handshake iteration 0 type 14 offset 1081 length 0 bytes, remaining 1085 dissect_ssl enter frame #636 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 267 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 262 ssl, state 0x17 association_find: TCP port 1205 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 16 offset 5 length 258 bytes, remaining 267 pre master encrypted[256]: 75 e9 43 92 6a 1d 83 ca d3 a2 a7 ee e0 e6 05 8d 4d 43 c6 0f 17 c2 0d d5 10 e3 73 f1 30 86 55 b1 a3 7a a9 c5 22 67 7f 62 49 ca 96 8a 39 54 6a f5 1a 24 7a 85 ae 45 1f 68 2d a9 fb 90 35 8d 97 12 b5 61 e4 30 30 46 7d e6 7b bc 83 75 ff 63 6d 8a 88 be 67 d9 ba 27 24 bf 4e ec bc 66 3e 19 37 4a 59 2f ff 16 c2 1c 35 25 cc c0 b4 c8 83 e8 ae 07 7b ba f0 47 eb ce 3b de fd cf 61 85 94 3a 7d da e1 b1 cb 90 10 fc 7f 93 f6 20 95 3d f4 91 68 c7 ac 47 3e 7c a5 37 be 17 8b 8e 29 15 04 22 97 75 4e 4c 79 63 16 07 ed cc e2 ea 44 21 c3 24 cd fd 3b 54 bb 93 d9 8c a9 d1 15 e2 fc ec 81 0b fb 63 51 86 8c d8 8b 7e 76 87 17 ca d8 72 d6 4b b3 20 b7 d4 b6 95 9e 54 d5 ae 52 b7 f8 03 c5 73 21 1c 57 e9 60 5b c9 96 09 7e d2 ba d7 63 47 a6 21 c9 54 ac 3f 9a 64 2f cc ab f3 7a dc 2c d4 b1 9d 69 ssl_decrypt_pre_master_secret:RSA_private_decrypt pcry_private_decrypt: stripping 0 bytes, decr_len zd decrypted_unstrip_pre_master[128]: 7d 8f 28 07 f0 fc 72 4e f3 db cb bc 6f 5d 08 73 f6 d0 07 1e e6 31 05 6c d6 70 19 38 7d 6c 68 5d 4d 74 36 fd 43 32 bb b3 92 b0 d1 15 33 b4 98 d0 ef 7c 0d fc 68 8f b9 c3 b9 9f cf 40 0b 0a d7 45 8e 09 67 38 55 22 f2 a8 38 e2 f3 99 46 7b 73 8f 6e 94 78 10 97 c3 dc 14 2c 5f 3a 3a 13 12 1d 4e 57 6e b8 bd a4 ab 4e f4 a2 45 94 b9 d8 39 f4 8d 1b 70 72 56 8a d7 91 0f e7 99 2e 7e 1c 93 26 a2 ssl_decrypt_pre_master_secret wrong pre_master_secret length (128, expected 48) dissect_ssl3_handshake can't decrypt pre master secret dissect_ssl enter frame #644 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 59 dissect_ssl3_record: content_type 20 dissect_ssl3_change_cipher_spec association_find: TCP port 1205 found 00000000 packet_from_server: is from server - FALSE ssl_change_cipher CLIENT record: offset = 6, reported_length_remaining = 53 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 48 ssl, state 0x17 association_find: TCP port 1205 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 136 offset 11 length 15047880 bytes, remaining 59 dissect_ssl enter frame #646 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 6 dissect_ssl3_record: content_type 20 dissect_ssl3_change_cipher_spec association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE ssl_change_cipher SERVER dissect_ssl enter frame #647 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 53 dissect_ssl3_record: content_type 22 decrypt_ssl3_record: app_data len 48 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available dissect_ssl3_handshake iteration 1 type 247 offset 5 length 5754387 bytes, remaining 53 dissect_ssl enter frame #649 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 32 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #666 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 32 ssl, state 0x17 association_find: TCP port 1205 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 1205 found 00000000 association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #667 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 32 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #668 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 53 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 48 ssl, state 0x17 association_find: TCP port 1205 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 1205 found 00000000 association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #669 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 69 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 64 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #670 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 32 ssl, state 0x17 association_find: TCP port 1205 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 1205 found 00000000 association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #671 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 32 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #676 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 282 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 64 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 record: offset = 69, reported_length_remaining = 213 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 208 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #1069 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 53 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 48 ssl, state 0x17 association_find: TCP port 1205 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 1205 found 00000000 association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #1070 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 101 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 96 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #1086 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 159 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 32 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 record: offset = 37, reported_length_remaining = 122 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 80 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 record: offset = 122, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 32 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #1114 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 32 ssl, state 0x17 association_find: TCP port 1205 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 1205 found 00000000 association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #1116 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 85 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 80 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #1120 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 32 ssl, state 0x17 association_find: TCP port 1205 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 1205 found 00000000 association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #1122 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 32 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #1124 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 32 ssl, state 0x17 association_find: TCP port 1205 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 1205 found 00000000 association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #1278 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 53 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 48 ssl, state 0x17 association_find: TCP port 1205 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 1205 found 00000000 association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #1279 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 1061 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 1056 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #1288 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 117 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 112 ssl, state 0x17 association_find: TCP port 7623 found 04002E80 packet_from_server: is from server - TRUE decrypt_ssl3_record: using server decoder decrypt_ssl3_record: no decoder available association_find: TCP port 7623 found 04002E80 dissect_ssl enter frame #1294 (first time) conversation = 04DE8C70, ssl_session = 04DE8F48 record: offset = 0, reported_length_remaining = 37 dissect_ssl3_record: content_type 23 decrypt_ssl3_record: app_data len 32 ssl, state 0x17 association_find: TCP port 1205 found 00000000 packet_from_server: is from server - FALSE decrypt_ssl3_record: using client decoder decrypt_ssl3_record: no decoder available association_find: TCP port 1205 found 00000000 association_find: TCP port 7623 found 04002E80 -------------- END OF DEBUG ----------------------------- if you notice the pre master of the server's if of 256 bit key and wireshark is 128 bit. IS MY PRIVATE KEY WRONG ??!! Thanks, MO
- Follow-Ups:
- Re: [Wireshark-users] 256 pre master encrypted key
- From: Sake Blok
- Re: [Wireshark-users] 256 pre master encrypted key
- Prev by Date: Re: [Wireshark-users] Reduce frequency of digest mailings to daily?
- Next by Date: Re: [Wireshark-users] 256 pre master encrypted key
- Previous by thread: Re: [Wireshark-users] Reduce frequency of digest mailings to daily?
- Next by thread: Re: [Wireshark-users] 256 pre master encrypted key
- Index(es):
- Get Wireshark
- Download
- Code of Conduct