Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
664 views
in Technique[技术] by (71.8m points)

encryption - How to see the encrypted key in wireshark, during ssl key exchange?

In wireshark, I am able to see the encrypted data to and fro from my PC. It does not use diffie hellman algorihm for key exchange because I see only the Client Key Exchange packet but there is no Server Key Exchange packet. That means the browser is sending the encrypted key to the server(encrypted using the server's public key).
But I do not see any encrypted data in that packet("Client Key Exchange"). How to view the encrypted key?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You won't see the encrypted shared-key, it's not exchanged. You can see the encrypted pre-master secret when using RSA authenticated key exchange. (Note that using Ephemeral Diffie-Hellman isn't the only reason for not seeing a server key exchange message: it could also use a DH_DSS or DH_RSA cipher suite, but this is unusual as far as I know).

If you follow the instructions about decrypting SSL with Wireshark, use the "SSL debug file" option to store the logs into a file. (Note that the user interface has changed slightly in newer versions of Wireshark, in the way you configure the private key.)

The log files will contain the pre-master secret and the shared keys.

(By the way, you need the server's private key to do this, of course.)

Using the sample data provided on the Wireshark page, you get:

pre master encrypted[128]:
65 51 2d a6 d4 a7 38 df ac 79 1f 0b d9 b2 61 7d 
73 88 32 d9 f2 62 3a 8b 11 04 75 ca 42 ff 4e d9 
cc b9 fa 86 f3 16 2f 09 73 51 66 aa 29 cd 80 61 
0f e8 13 ce 5b 8e 0a 23 f8 91 5e 5f 54 70 80 8e 
7b 28 ef b6 69 b2 59 85 74 98 e2 7e d8 cc 76 80 
e1 b6 45 4d c7 cd 84 ce b4 52 79 74 cd e6 d7 d1 
9c ad ef 63 6c 0f f7 05 e4 4d 1a d3 cb 9c d2 51 
b5 61 cb ff 7c ee c7 bc 5e 15 a3 f2 52 0f bb 32 

pre master secret[48]:
03 00 ff 84 56 6d a0 fb cc fd c6 c8 20 d5 f0 65 
18 87 b0 44 45 9c e3 92 f0 4d 32 cd 41 85 10 24 
cb 7a b3 01 36 3d 93 27 12 a4 7e 00 29 96 59 d8 

master secret[48]:
1e db 35 95 b8 18 b3 52 58 f3 07 3f e6 af 8a a6 
ab c3 a4 ed 66 3a 46 86 b6 e5 49 2a 7c f7 8c c2 
ac 22 bb 13 15 0f d8 62 a2 39 23 7b c2 ff 28 fb 

key expansion[136]:
11 60 e4 e1 74 e9 a1 cf 67 f9 b7 bc ef bc a7 c7 
b3 f7 33 aa b2 42 d0 1c a6 4e fb e9 9b 13 dd 29 
63 aa 17 1f 47 71 95 71 08 e0 4b 8e e1 da 7b 4a 
5a f3 c2 32 bd e0 a5 82 6d 14 44 3a d6 cb 2d c0 
7d 57 be a8 37 de 5d d9 a1 07 fd 1b 22 71 b9 4b 
7a 1e 0f 70 37 14 97 0a f0 db 98 3b 7b 74 e3 2d 
51 66 2e 31 68 90 ac 6f e6 53 3c c9 5e 48 0c 05 
bc 9f 92 e7 f9 91 98 f5 95 1c c4 bf d9 cb 26 ef 
35 70 5e ad 21 22 3e f6 
Client MAC key[20]:
11 60 e4 e1 74 e9 a1 cf 67 f9 b7 bc ef bc a7 c7 
b3 f7 33 aa 
Server MAC key[20]:
b2 42 d0 1c a6 4e fb e9 9b 13 dd 29 63 aa 17 1f 
47 71 95 71 
Client Write key[32]:
08 e0 4b 8e e1 da 7b 4a 5a f3 c2 32 bd e0 a5 82 
6d 14 44 3a d6 cb 2d c0 7d 57 be a8 37 de 5d d9 
Server Write key[32]:
a1 07 fd 1b 22 71 b9 4b 7a 1e 0f 70 37 14 97 0a 
f0 db 98 3b 7b 74 e3 2d 51 66 2e 31 68 90 ac 6f 
Client Write IV[16]:
e6 53 3c c9 5e 48 0c 05 bc 9f 92 e7 f9 91 98 f5 
Server Write IV[16]:
95 1c c4 bf d9 cb 26 ef 35 70 5e ad 21 22 3e f6 

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...