Non-RSA TLS1.2 Packet decryption


Problem description


I am trying to decrypt a pcap file. This pcap file contains a capture of an HLS encrypted video stream. The pcap contains TLSv1.2 packets.

Below is some information from the pcap file:

Server Hello message Cipher Suite:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384.

EC Diffie-Hellman server Params: pubkey (1)

The Certificate Status message:

Signature Hash Algorithm Hash: SHA256

Signature Hash Algorithm Signature: ECDSA

Client Key Exchange Message

EC Diffie-Hellman server Params: pubkey (2)

I tried to follow [this Wireshark SSL decryption tutorial][1]. But it seems that it works only for RSA encryptions. I have been researching for a while and found [this discussion][2]. I am quoting an extract from this discussion:

> There is an important parameter to mind: decryption of a passively recorded session (with a copy of the server private key) works only if the key exchange was of type RSA or static DH; with "DHE" and "ECDHE" cipher suites, you won't be able to decrypt such a session, even with knowledge of the server private key. In that case, you will need either the negotiated "master secret", or to use the server private key to actively intercept the connection

It's noteworthy that I have the client private key. In my case, the client is the FFmpeg video streamer (FFplay). I also had a look at the [TLS v1.2 RFC][3].

My question:

Is it possible to do a decryption in this scenario? If yes, what do I need to have to do so?

Is the decryption done using the client's private key or using the pre_shared_master (i.e. Diffie-Hellman)?

[1]: https://wiki.wireshark.org/SSL
[2]: https://security.stackexchange.com/questions/117778/how-to-decrypt-ssl-traffic-with-a-packet-sniffer-when-i-have-the-private-key
[3]: https://www.rfc-editor.org/rfc/rfc5246

Solution

No, it is not possible to decrypt in this scenario. That would involve breaking EC Diffie-Hellman.

Decryption is not directly performed using the pre_master_secret, but it is performed by keys directly derived from the pre-master secret. That is: the client and server decryption keys, which are derived from it by first deriving the master_secret and then performing the PRF and dividing the output into the session keys and IVs.
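The derivation chain described in the answer, written out as an added example (not part of the original question or answer), using the RFC 5246 PRF with SHA-384 and the AES-256-GCM key sizes of the negotiated suite. The pre-master secret and both randoms are constructed sample values, the function names are hypothetical, and it assumes a 32-byte ECDHE shared secret (P-256) and no extended master secret (RFC 7627).

```python
import hmac

HASH = "sha384"          # PRF hash of TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
KEY_LEN, IV_LEN = 32, 4  # AES-256 key, 4-byte implicit GCM nonce; AEAD has no MAC keys

def p_hash(secret: bytes, seed: bytes, length: int) -> bytes:
    """P_hash(secret, seed) from RFC 5246 section 5, truncated to `length` bytes."""
    out, a = b"", seed                                    # A(0) = seed
    while len(out) < length:
        a = hmac.new(secret, a, HASH).digest()            # A(i) = HMAC(secret, A(i-1))
        out += hmac.new(secret, a + seed, HASH).digest()  # HMAC(secret, A(i) + seed)
    return out[:length]

def prf(secret: bytes, label: bytes, seed: bytes, length: int) -> bytes:
    return p_hash(secret, label + seed, length)

def derive_master_secret(pre_master, client_random, server_random):
    # Assumption: the extended_master_secret extension (RFC 7627) was not negotiated.
    return prf(pre_master, b"master secret", client_random + server_random, 48)

def derive_session_keys(master, client_random, server_random):
    # Key expansion uses the randoms in the opposite order: server first, then client.
    block = prf(master, b"key expansion", server_random + client_random,
                2 * KEY_LEN + 2 * IV_LEN)
    names = ["client_write_key", "server_write_key", "client_write_iv", "server_write_iv"]
    sizes = [KEY_LEN, KEY_LEN, IV_LEN, IV_LEN]
    keys, pos = {}, 0
    for name, size in zip(names, sizes):
        keys[name] = block[pos:pos + size]
        pos += size
    return keys

# Constructed sample values, not taken from any capture.
PRE_MASTER = bytes(range(32))  # ECDHE shared secret (x-coordinate), never sent on the wire
CLIENT_RANDOM = b"\x01" * 32   # ClientHello.random, visible in the pcap
SERVER_RANDOM = b"\x02" * 32   # ServerHello.random, visible in the pcap

if __name__ == "__main__":
    master = derive_master_secret(PRE_MASTER, CLIENT_RANDOM, SERVER_RANDOM)
    for name, value in derive_session_keys(master, CLIENT_RANDOM, SERVER_RANDOM).items():
        print(name, value.hex())
```

Both randoms can be read from the capture, but every output depends on the pre-master secret, which a passive capture of an ECDHE handshake does not contain.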
