This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

How to obtain a private TLS key

1

I'm trying to decrypt some TLSv1 packages, but I don't have the server private key. How can I obtain the private key?

Here are some images:

Client Hello: http://www.imagebam.com/image/8d0f17478413719

Server Hello: http://www.imagebam.com/image/6c0b60478413729

Client Handshake: http://www.imagebam.com/image/482dff478413715

Server Handshake: http://www.imagebam.com/image/fa6eb5478413724

asked 17 Apr '16, 02:34

Xenocyde

edited 18 Apr '16, 06:45

sindy


One Answer:

2

You get the server private key by asking the server administrator to give it to you. You can't get it from the packets. If you could, this would not be a secure method of communication.

answered 17 Apr '16, 08:16

Jim Aragon

Are we absolutely sure there isn't any other way to obtain the private key?

(17 Apr '16, 09:25) Xenocyde
2

Yes, and if you're not able to get the private key from the server administrator, then it means they don't want you to have the key and you are not authorized to decrypt the traffic.

(17 Apr '16, 10:38) Jim Aragon
1

Another option is that you may be able to persuade the client application, e.g. by configuration or recompiling, to give up the session key or pre-master secret.

See this section of the Wireshark Wiki page on SSL.

(18 Apr '16, 03:05) grahamb ♦
1

@Xenocyde: The server key would not help you at all, as the server suggests to use a Diffie-Hellman cipher, so the only thing that helps is what @grahamb suggested.

BTW: What is your problem? Maybe there are other ways to analyze the problem, like an SSL MITM proxy.

(19 Apr '16, 09:21) Kurt Knochner ♦

@Kurt Knochner: I need to see the code sent by the client and by the server to analyze a few instructions. So the SSL MITM Proxy might help me here. Thanks for the info.

(19 Apr '16, 09:28) Xenocyde