This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Decrypting DTLS with ECC key


Hi, I saw the question and answer in https://ask.wireshark.org/questions/47010/decode-with-known-psk-in-dtls#fmanswer - my question is similar, but in my case the key is ECC, and when I try to add the key I get an error message “can’t load private key”.
Is there any way around this?

Thanks,

asked 06 Apr '16, 22:44


ranshe


One Answer:


You cannot use non-RSA private keys for decryption. Some TLS cipher suites use RSA for the key exchange (see RFC 5246 (TLS 1.2) - 7.4.7.) which can then be decrypted using an RSA private key, but there is nothing similar for ECC certificates.

ECC certificates (RFC 5480, RFC 4492) appear to be used for ECDH key exchange and for authentication (fixed-ECDH certificates and ECDSA). This means that even if you possess the private key, you cannot use it for decryption of the traffic.

As an alternative, you can try to obtain the master secret into an "SSL Keylog file" and feed this file to Wireshark to enable decryption. This method is only possible if your DTLS library supports it.

answered 08 Apr '16, 10:27


Lekensteyn

edited 08 Apr '16, 10:28
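An added example (not code from the answer above or from Wireshark) of what the key log file route gives the dissector, and why it works where the ECC private key does not: the 32-byte client random in the DTLS ClientHello is the lookup key for a `CLIENT_RANDOM` line in the NSS key log format, and the master secret on that line plus both hello randoms yields the record keys through the TLS 1.2 PRF (RFC 5246 sections 5 and 6.3). No private key is involved at any point, which is why the key exchange algorithm stops mattering. Everything below is constructed for the example: the randoms, the master secret, the key log text and the ClientHello record; the PRF assumes a SHA-256 suite such as TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256.

```python
"""Key log lookup and TLS 1.2 key derivation, the way a DTLS dissector uses an NSS key log.

Added example, not code from the original answer or from Wireshark. Every value
below (randoms, master secret, key log lines, ClientHello record) is constructed.
"""
import hashlib
import hmac
import struct

DTLS_1_2 = b"\xfe\xfd"            # DTLS versions are the ones' complement of TLS versions
CONTENT_HANDSHAKE = 22
HANDSHAKE_CLIENT_HELLO = 1
RECORD_HEADER_LEN = 13             # type(1) version(2) epoch(2) sequence_number(6) length(2)
HANDSHAKE_HEADER_LEN = 12          # msg_type(1) length(3) message_seq(2) frag_offset(3) frag_length(3)


def load_keylog(text):
    """Parse NSS key log text into {client_random: master_secret}, both raw bytes.

    Only CLIENT_RANDOM lines matter for (D)TLS 1.2; comments and other labels are skipped.
    """
    secrets = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[0] == "CLIENT_RANDOM":
            secrets[bytes.fromhex(parts[1])] = bytes.fromhex(parts[2])
    return secrets


def client_random_from_dtls_client_hello(record):
    """Return the 32-byte Random from the first fragment of a DTLS ClientHello record."""
    if len(record) < RECORD_HEADER_LEN + HANDSHAKE_HEADER_LEN + 2 + 32:
        raise ValueError("record too short for a DTLS ClientHello")
    if record[0] != CONTENT_HANDSHAKE:
        raise ValueError("not a handshake record")
    hs = record[RECORD_HEADER_LEN:]
    if hs[0] != HANDSHAKE_CLIENT_HELLO:
        raise ValueError("handshake message is not a ClientHello")
    if int.from_bytes(hs[6:9], "big") != 0:
        raise ValueError("Random lives in the first fragment; reassemble before parsing")
    body = hs[HANDSHAKE_HEADER_LEN:]
    return body[2:34]                  # body = client_version(2) random(32) session_id ...


def lookup_master_secret(keylog, client_hello_record):
    """The dissector's lookup: ClientHello random -> CLIENT_RANDOM line -> master secret."""
    client_random = client_random_from_dtls_client_hello(client_hello_record)
    try:
        return keylog[client_random]
    except KeyError:
        raise KeyError("no CLIENT_RANDOM entry for this session: nothing to decrypt with") from None


def prf(secret, label, seed, length):
    """TLS 1.2 PRF (RFC 5246 section 5) with P_SHA256: P_hash(secret, label + seed)."""
    seed = label + seed
    out = b""
    a = seed                                                           # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()               # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()     # HMAC(secret, A(i) + seed)
    return out[:length]


def derive_aes128_gcm_keys(master_secret, client_random, server_random):
    """RFC 5246 6.3: key_block = PRF(master_secret, "key expansion", server_random + client_random).

    For an AEAD suite such as TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 the MAC keys are
    empty, so the block is two 16-byte keys followed by two 4-byte implicit nonces.
    """
    block = prf(master_secret, b"key expansion", server_random + client_random, 40)
    return {
        "client_write_key": block[0:16],
        "server_write_key": block[16:32],
        "client_write_iv": block[32:36],
        "server_write_iv": block[36:40],
    }


def build_dtls_client_hello(client_random, session_id=b"", cookie=b""):
    """Construct a minimal DTLS 1.2 ClientHello record (sample input, not a captured packet)."""
    cipher_suites = b"\xc0\x2b"        # TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
    body = (DTLS_1_2 + client_random
            + bytes([len(session_id)]) + session_id
            + bytes([len(cookie)]) + cookie
            + struct.pack("!H", len(cipher_suites)) + cipher_suites
            + b"\x01\x00")             # one compression method: null
    handshake = (bytes([HANDSHAKE_CLIENT_HELLO]) + len(body).to_bytes(3, "big")
                 + struct.pack("!H", 0)            # message_seq
                 + (0).to_bytes(3, "big")          # fragment_offset
                 + len(body).to_bytes(3, "big")    # fragment_length (unfragmented)
                 + body)
    return (bytes([CONTENT_HANDSHAKE]) + DTLS_1_2
            + struct.pack("!H", 0)                 # epoch
            + (0).to_bytes(6, "big")               # sequence_number
            + struct.pack("!H", len(handshake)) + handshake)


# Constructed sample session: these values are made up for the example.
SAMPLE_CLIENT_RANDOM = bytes(range(32))
SAMPLE_SERVER_RANDOM = bytes(range(32, 64))
SAMPLE_MASTER_SECRET = bytes(range(0x10, 0x40))      # 48 bytes, like a real master secret
SAMPLE_KEYLOG = (
    "# constructed key log, not from a real session\n"
    f"CLIENT_RANDOM {SAMPLE_CLIENT_RANDOM.hex()} {SAMPLE_MASTER_SECRET.hex()}\n"
)

if __name__ == "__main__":
    keylog = load_keylog(SAMPLE_KEYLOG)
    hello = build_dtls_client_hello(SAMPLE_CLIENT_RANDOM)
    master = lookup_master_secret(keylog, hello)
    for name, value in derive_aes128_gcm_keys(master, SAMPLE_CLIENT_RANDOM, SAMPLE_SERVER_RANDOM).items():
        print(f"{name}: {value.hex()}")
    # A session whose ClientHello random is absent from the key log cannot be decrypted.
    try:
        lookup_master_secret(keylog, build_dtls_client_hello(bytes(32)))
    except KeyError as err:
        print("lookup failed as expected:", err)
```

Two failure modes follow directly from this lookup: a key log that has no line for the session's client random (the library wrote nothing, or wrote to a different file), and a capture that started after the ClientHello, so there is no random to look up. In practice the key log is produced by the DTLS endpoint itself (for example OpenSSL 1.1.1 and later via SSL_CTX_set_keylog_callback, or libraries that honour the SSLKEYLOGFILE environment variable) and handed to Wireshark through the DTLS protocol preference for the (Pre)-Master-Secret log file, which tshark takes as `-o dtls.keylog_file:/path/to/keylog`; check the preference name in the DTLS protocol settings of your Wireshark version.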

That's a bummer, but of course thanks for the answer.

(08 Apr '16, 13:47) ranshe