I'm trying to decrypt some TLSv1 packages, but I don't have the server private key. How can I obtain the private key? Here are some images:

Client Hello: http://www.imagebam.com/image/8d0f17478413719
Server Hello: http://www.imagebam.com/image/6c0b60478413729
Client Handshake: http://www.imagebam.com/image/482dff478413715
Server Handshake: http://www.imagebam.com/image/fa6eb5478413724

asked 17 Apr '16, 02:34 Xenocyde
edited 18 Apr '16, 06:45 sindy
One Answer:
You get the server private key by asking the server administrator to give it to you. You can't get it from the packets. If you could, this would not be a secure method of communication.

answered 17 Apr '16, 08:16 Jim Aragon

Are we absolutely sure there isn't any other way to obtain the private key?
Yes, and if you're not able to get the private key from the server administrator, then it means they don't want you to have the key and you are not authorized to decrypt the traffic.
Another option is that you may be able to persuade the client application, e.g. by configuration or recompiling, to give up the session key or pre-master secret.
See this section of the Wireshark Wiki page on SSL.
@Xenocyde: The server key would not help you at all, as the server suggests to use a Diffie-Hellman cipher, so the only thing that helps is what @grahamb suggested.
BTW: What is your problem? Maybe there are other ways to analyze a problem, like an SSL MITM Proxy.
@Kurt Knochner: I need to see the code sent by the client and by the server to analyze a few instructions. So the SSL MITM Proxy might help me here. Thanks for the info.
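
The point made in the comments about Diffie-Hellman cipher suites can be checked directly from the ServerHello bytes. The following is an added example, not code from this thread or from Wireshark: it reads the selected cipher suite out of a ServerHello record and reports whether the server's RSA key could decrypt the session at all. The function names, the small suite table and the sample record are constructed for illustration.

```python
import struct

# Constructed subset of the IANA cipher suite registry: id -> (name, key exchange)
SUITES = {
    0x000A: ("TLS_RSA_WITH_3DES_EDE_CBC_SHA", "RSA"),
    0x002F: ("TLS_RSA_WITH_AES_128_CBC_SHA", "RSA"),
    0x0035: ("TLS_RSA_WITH_AES_256_CBC_SHA", "RSA"),
    0x0033: ("TLS_DHE_RSA_WITH_AES_128_CBC_SHA", "DHE"),
    0x0039: ("TLS_DHE_RSA_WITH_AES_256_CBC_SHA", "DHE"),
    0xC013: ("TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA", "ECDHE"),
    0xC014: ("TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA", "ECDHE"),
}

def selected_suite(record: bytes) -> int:
    """Return the cipher suite id chosen in a TLS record holding a ServerHello."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    ctype, _version, rlen = struct.unpack("!BHH", record[:5])
    hs = record[5:5 + rlen]
    if ctype != 0x16 or len(hs) < max(rlen, 4) or hs[0] != 0x02:
        raise ValueError("not a complete handshake record starting with ServerHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    # body layout: version(2) random(32) session_id_len(1) session_id suite(2) ...
    if len(body) < 35 or len(body) < 37 + body[34]:
        raise ValueError("truncated ServerHello")
    off = 35 + body[34]
    return int.from_bytes(body[off:off + 2], "big")

def decrypt_advice(record: bytes) -> str:
    """Say which secret an analyst needs to decrypt the capture."""
    suite = selected_suite(record)
    name, kex = SUITES.get(suite, (f"0x{suite:04X}", "unknown"))
    if kex == "RSA":
        return f"{name}: server RSA private key can decrypt a fully captured handshake"
    if kex in ("DHE", "ECDHE"):
        return f"{name}: server key does not help, need session secrets from an endpoint"
    return f"{name}: not in table, check the key exchange manually"

def build_server_hello(suite: int) -> bytes:
    """Constructed TLS 1.0 ServerHello (zero random, empty session id) for the demo."""
    body = b"\x03\x01" + bytes(32) + b"\x00" + suite.to_bytes(2, "big") + b"\x00"
    hs = b"\x02" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs

if __name__ == "__main__":
    for sid in (0x002F, 0x0039):
        print(decrypt_advice(build_server_hello(sid)))
```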