ANNOUNCEMENT: Live Wireshark University & Allegro Packets online APAC Wireshark Training Session
April 17th, 2024 | 14:30-16:00 SGT (UTC+8) | Online

Wireshark-users: Re: [Wireshark-users] 256 pre master encrypted key

Date: Thu, 11 Mar 2010 10:24:25 -0500
Thanks Sake,

I've watch you presentation and it was very interesting but in my
situation I have a signer certificate (which is shown in the server hello
packet with a common name of TEST) which is stored in my computer and
issued by the server and only personal certificate (common name=HOD) with
private keys stored in my computer.

I extracted the private keys from the personal certificate and it seemed
it didn't match.

I am managing certificates with IBM ikeyman I think it's a bit confusing
to me !!!

Thanks,
Mo


> On 11 mrt 2010, at 11:11, junk@xxxxxxxxx wrote:
>
>>> On 11 mrt 2010, at 10:42, junk@xxxxxxxxx wrote:
>>>
>>>> ssl_decrypt_pre_master_secret wrong pre_master_secret length (128,
>>>> expected 48)
>>>
>>> This usually means that the private key provided to Wireshark does not
>>> match the public key that was present in the certificate that was sent
>>> by
>>> the server.
>>
>> I have the certificate with me but I can't extract the private RSA key
>> from it. It's a signer certificate in DER binary format but it doesn't
>> have a RSA key.
>
> The private key is *never* in the certificate, it's the counterpart of a
> certificate. The signers certificate should contain a public key. This
> public key can be used to verify the signature in the certificate which
> was signed by the signers certificate. As it was signed by the private key
> that matches the public key in the signers certificate.
>
> You might want to take a look at the "SSL troubleshooting" presentation I
> gave at Sharkfest last year, it should clear things up a bit :-)
>
> Powerpoint:
> https://www.cacetech.com/sharkfest.09/AU2_Blok_SSL_Troubleshooting_with_Wireshark_and_Tshark.pps
> Video:  http://www.lovemytool.com/blog/2009/06/sake_blok_11.html
>
> Cheers,
>
>
> Sake
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
>