Hi, I saw the question and answer in https://ask.wireshark.org/questions/47010/decode-with-known-psk-in-dtls#fmanswer - my question is similar, but in my case the key is ECC, and when I try to add the key I get an error message "can't load private key". Thanks, asked 06 Apr '16, 22:44 ranshe
One Answer:
You cannot use non-RSA private keys for decryption. Some TLS cipher suites use RSA for the key exchange (see RFC 5246 (TLS 1.2) - 7.4.7.) which can then be decrypted using an RSA private key, but there is not something similar for ECC certificates. ECC certificates (RFC 5480, RFC 4492) appear to be used for ECDH key exchange and for authentication (fixed-ECDH certificates and ECDSA). This means that even if you possess the private key, you cannot use it for decryption of the traffic. As an alternative, you can try to obtain the master secret into a "SSL Keylog file" and feed this file to Wireshark to enable decryption. This method is only possible if your DTLS library supports it. answered 08 Apr '16, 10:27 Lekensteyn edited 08 Apr '16, 10:28
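The answer above turns on one fact: Wireshark needs the session's master secret, and an RSA private key only helps because, with RSA key exchange, the pre-master secret is what the client encrypted to that key. With (EC)DHE the pre-master secret is an ephemeral shared secret the certificate key never touches, so a key log file has to supply the master secret directly. The following is an added example, not code from the original post, from Lekensteyn, or from Wireshark: it implements the TLS 1.2 PRF and master-secret derivation from RFC 5246 (sections 5 and 8.1), writes the resulting CLIENT_RANDOM line in the NSS key log format Wireshark reads, and validates a key log file before it is handed to Wireshark. All randoms and the pre-master secret are constructed sample values, not captured traffic; the parser assumes the CLIENT_RANDOM line form only.

```python
"""
Added example, not from the original answer or from Wireshark: the TLS 1.2
master-secret derivation (RFC 5246 sections 5 and 8.1) and the NSS key log
line format that Wireshark reads.  Every random and premaster value below is
a constructed sample, not real traffic.
"""
import hashlib
import hmac
import re


def tls12_prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    """TLS 1.2 PRF: P_SHA256(secret, label + seed), RFC 5246 section 5."""
    seed = label + seed
    a = seed                       # A(0) = seed
    out = b""
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()           # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()  # P_hash block i
    return out[:length]


def master_secret(premaster: bytes, client_random: bytes, server_random: bytes) -> bytes:
    """master_secret = PRF(pre_master_secret, "master secret",
    ClientHello.random + ServerHello.random)[0..47], RFC 5246 section 8.1.

    With RSA key exchange, pre_master_secret is what the client encrypted to the
    server's RSA public key, so Wireshark can recover it with the private key and
    run exactly this function.  With (EC)DHE, pre_master_secret is the ephemeral
    shared secret; the certificate's private key never enters this path."""
    return tls12_prf(premaster, b"master secret", client_random + server_random, 48)


def keylog_line(client_random: bytes, ms: bytes) -> str:
    """One NSS key log entry: what a library with key log support writes."""
    return f"CLIENT_RANDOM {client_random.hex()} {ms.hex()}"


# CLIENT_RANDOM <32-byte client random as hex> <48-byte master secret as hex>
_CLIENT_RANDOM_RE = re.compile(r"^CLIENT_RANDOM ([0-9a-fA-F]{64}) ([0-9a-fA-F]{96})$")


def parse_keylog(text: str):
    """Validate a key log file before handing it to Wireshark.

    Returns ({client_random: master_secret}, [(line_no, bad_line), ...]).
    Comment and blank lines are ignored; anything else that is not a well-formed
    CLIENT_RANDOM line (wrong label, wrong hex length) is reported, since a
    silently skipped entry is a common reason decryption still does not work.
    """
    secrets, errors = {}, []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = _CLIENT_RANDOM_RE.match(line)
        if m is None:
            errors.append((no, line))
            continue
        secrets[bytes.fromhex(m.group(1))] = bytes.fromhex(m.group(2))
    return secrets, errors


# Constructed sample values (not from a real handshake).
CLIENT_RANDOM = bytes(range(32))
SERVER_RANDOM = bytes(range(32, 64))
# RSA pre-master secret: 2-byte client version (TLS 1.2 = 0x0303) + 46 random bytes.
PREMASTER = b"\x03\x03" + bytes(range(100, 146))


def demo():
    """Derive the master secret, emit its key log line, and validate a file
    that also contains a comment and a truncated (unusable) entry."""
    ms = master_secret(PREMASTER, CLIENT_RANDOM, SERVER_RANDOM)
    good = keylog_line(CLIENT_RANDOM, ms)
    keylog = "# SSL/TLS secrets log file\n" + good + "\n" + good[:-4] + "\n"
    secrets, errors = parse_keylog(keylog)
    return ms, secrets, errors


if __name__ == "__main__":
    ms, secrets, errors = demo()
    print("master secret:", ms.hex())
    print("usable entries:", len(secrets), "malformed:", errors)
```

In practice you never compute the master secret yourself: the library that terminates the (D)TLS connection has to write these lines for you (NSS-based software honours the SSLKEYLOGFILE environment variable; OpenSSL 1.1.1 and later expose SSL_CTX_set_keylog_callback, which an application must wire up). Point Wireshark's TLS key log file preference at the resulting file (the DTLS dissector uses the same preference; on the command line that is `-o tls.keylog_file:/path/to/keys.log` in Wireshark 3.x and later, `ssl.keylog_file` in older releases). Run the validator first: a CLIENT_RANDOM line with a master secret that is not exactly 48 bytes is ignored, and the failure looks identical to "wrong key".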
That's a bummer, but of course thanks for the answer.