Revision history [back]
Ok, I found the solution. I had to read RFC 5246 to realize that the actual pre-master secret are only the last 48 bytes of the pre-master data. The rest is just padding and some format restrictions.
The correct format therefore is:
RSA "first 8 bytes of encrypted premaster-secret in hex" "the last 48 bytes of the decrypted pre-master data in hex"
Ok, I found the solution. solution and a small bug in Wireshark. I had to read RFC 5246 to realize that the actual pre-master secret are only the last 48 bytes of the pre-master data. The rest is just padding and some format restrictions.restrictions. However, the 48 bytes of the pre-master secret again consist of 2 bytes for the TLS version and 46 random bytes. Wireshark only needs the 46 random bytes!
The correct format therefore is:
RSA "first 8 bytes of encrypted premaster-secret in hex" "the last 48 46 random bytes of the decrypted pre-master data key in hex"