Decrypting encrypted traffic

Hello;

I have the server certificate and the private key. Further, I also have the encrypted packet capture file that has the complete communication between the client and the server. Will I be able to decrypt it just by following the TLS standards, or do I need anything else?

shyamk4577
asked 2019-07-04 11:44:08 +0000
1 Answer

See the Wiki page on TLS.

As explained on the page, decrypting traffic using the RSA private key only works in a limited number of cases.

Using the keylogfile method to get per-session secrets works in all cases.

grahamb
answered 2019-07-04 11:55:15 +0000

Comments

Thank you for the response!

I have access to the server that the clients connect to, and can execute any piece of code on the server. Will that make any difference?

shyamk4577 (2019-07-09 08:29:00 +0000)

You could force the server config to not allow TLS 1.3 and to not use any ciphers other than RSA ones. Basically the opposite of hardening.

I'm not sure if the server software can be persuaded to write a keylogfile. What are you using on the server?

grahamb (2019-07-09 10:59:02 +0000)
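
An added example, not part of the thread above or of Wireshark's own code: a Python check that a key log file (in the NSS key log format used by the keylogfile method) actually holds usable per-session secrets for the client randoms seen in a capture. The function names, status strings and sample log are constructed for illustration, and the client randoms are assumed to have been read from the ClientHello messages in the capture.

```python
import re
from collections import defaultdict

# Line shape of the NSS key log format: LABEL <client random> <secret>, hex.
LINE = re.compile(r"^([A-Z0-9_]+) ([0-9a-fA-F]{64}) ((?:[0-9a-fA-F]{2})+)$")
TLS12_LABEL = "CLIENT_RANDOM"  # maps the client random to the 48-byte master secret
TLS13_REQUIRED = {"CLIENT_HANDSHAKE_TRAFFIC_SECRET", "SERVER_HANDSHAKE_TRAFFIC_SECRET",
                  "CLIENT_TRAFFIC_SECRET_0", "SERVER_TRAFFIC_SECRET_0"}

def parse_keylog(text):
    """Return ({client_random: {label: secret}}, [numbers of malformed lines])."""
    sessions, bad = defaultdict(dict), []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        # Master secret is 48 bytes; TLS 1.3 secrets are 32 or 48 (hash length).
        ok_lengths = (96,) if m and m.group(1) == TLS12_LABEL else (64, 96)
        if not m or len(m.group(3)) not in ok_lengths:
            bad.append(n)
            continue
        sessions[m.group(2).lower()][m.group(1)] = m.group(3).lower()
    return dict(sessions), bad

def coverage(labels):
    """Classify what the secrets logged for one session are enough to decrypt."""
    if TLS12_LABEL in labels:
        return "tls1.2-or-earlier"
    if TLS13_REQUIRED <= set(labels):
        return "tls1.3"  # handshake and application data
    return "tls1.3-partial" if TLS13_REQUIRED & set(labels) else "no-secrets"

def report(capture_randoms, keylog_text):
    """Check each ClientHello random seen in a capture against the key log."""
    sessions, bad = parse_keylog(keylog_text)
    return {r: coverage(sessions.get(r.lower(), {})) for r in capture_randoms}, bad

# Constructed sample: four client randoms and made-up secrets, not real key material.
A, B, C, D = ("aa" * 32, "bb" * 32, "cc" * 32, "dd" * 32)
SAMPLE = "\n".join([
    "# constructed key log",
    f"CLIENT_RANDOM {A} {'11' * 48}",
    *(f"{label} {B} {'22' * 32}" for label in sorted(TLS13_REQUIRED)),
    f"CLIENT_HANDSHAKE_TRAFFIC_SECRET {C} {'33' * 32}",
    f"CLIENT_RANDOM {D} 1234",  # truncated master secret: reported as malformed
])

if __name__ == "__main__":
    result, bad = report([A, B, C, D, "ee" * 32], SAMPLE)
    for rnd, status in result.items():
        print(rnd[:8], status)
    print("malformed lines:", bad)
```

A session reported as `no-secrets` or `tls1.3-partial` will stay fully or partly encrypted in the dissector even though the key log file loads without error.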