Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?
On Wednesday, February 1, 2017 at 10:48:52 PM UTC+2, Kyle Hamilton wrote: > https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 is a thing. If > this is related to a communication from Firefox, SSLKEYLOGFILE doesn't work. > > Memory dumps can be created by malware. Packet captures can be created > by anyone who has access to what should have been (but which have been > in practice incredibly poorly-controlled) law-enforcement-limited taps > in intermediate routers. > > Before giving any kind of assistance, I'd really want to know the > provenance of the machine in question, the employment and role (and > legal authority) of the investigator, suspicions as to the nature of the > information they expect to find therein, and reasons why violating the > sanctity of the communication might possibly be desirable. > > Of course, I expect that other people don't have the same kinds of > ethical qualms that I do. > > -Kyle H > On Wednesday, February 1, 2017 at 10:48:52 PM UTC+2, Kyle Hamilton wrote: > https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 is a thing. If > this is related to a communication from Firefox, SSLKEYLOGFILE doesn't work. > > Memory dumps can be created by malware. Packet captures can be created > by anyone who has access to what should have been (but which have been > in practice incredibly poorly-controlled) law-enforcement-limited taps > in intermediate routers. > > Before giving any kind of assistance, I'd really want to know the > provenance of the machine in question, the employment and role (and > legal authority) of the investigator, suspicions as to the nature of the > information they expect to find therein, and reasons why violating the > sanctity of the communication might possibly be desirable. > > Of course, I expect that other people don't have the same kinds of > ethical qualms that I do. > > -Kyle H It's my own firefox process memory dump from a virtual machine. It's for educational purposes. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?
https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 is a thing. If this is related to a communication from Firefox, SSLKEYLOGFILE doesn't work. Memory dumps can be created by malware. Packet captures can be created by anyone who has access to what should have been (but which have been in practice incredibly poorly-controlled) law-enforcement-limited taps in intermediate routers. Before giving any kind of assistance, I'd really want to know the provenance of the machine in question, the employment and role (and legal authority) of the investigator, suspicions as to the nature of the information they expect to find therein, and reasons why violating the sanctity of the communication might possibly be desirable. Of course, I expect that other people don't have the same kinds of ethical qualms that I do. -Kyle H On 2017-02-01 11:54, Maxim Rise wrote: > I know about SSLKEYLOGFILE environment path, but I can't use it. I extracted > master secret from a memory dump and I need to unwrap it in order to use it > to decrypt the wireshark ssl communication. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?
I know about SSLKEYLOGFILE environment path, but I can't use it. I extracted master secret from a memory dump and I need to unwrap it in order to use it to decrypt the wireshark ssl communication. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?
This is not the direction want to take, in part because with TLS 1.3 you will not be able to use the session cache to decrypt the connection. What you want is SSLKEYLOGFILE. http://stackoverflow.com/questions/9243842/how-to-reach-used-cipher-key-of-current-ssl-connection-under-firefox -Ekr On Sun, Jan 29, 2017 at 8:57 PM, Maxim Risewrote: > On Wednesday, January 25, 2017 at 8:12:59 AM UTC+2, Maxim Rise wrote: > > I need to know only for current version or older version. > > Let's say the NSS version is 3.28. I know the values of the fields from > sslSessionIDStr. > > How can I unwrap the master secret in order to use the unwrapped master > secret to decrypt a ssl communication using wireshark? > > Any advice and suggestions will be greatly appreciated. > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto > -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?
On Wednesday, January 25, 2017 at 8:12:59 AM UTC+2, Maxim Rise wrote: > I need to know only for current version or older version. Let's say the NSS version is 3.28. I know the values of the fields from sslSessionIDStr. How can I unwrap the master secret in order to use the unwrapped master secret to decrypt a ssl communication using wireshark? Any advice and suggestions will be greatly appreciated. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?
I need to know only for current version or older version. -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?
The details of how NSS constructs these values is internal to a given NSS version and might change in different versions. For instance, the indices and what they mean are highly likely to change in an upcoming version. On Wed, Jan 25, 2017 at 4:11 AM, Maxim Risewrote: > Hello. > > I am trying to write a python script for unwrapping wrapped_master_secret > for a given wrapped_master_secret in the command line. Can > wrapped_master_secret be unwrapped only using fields from sslSessionIDStr > structure (masterModuleID, masterSlotID, masterWrapIndex, masterWrapMech, > masterWrapSeries)? Can you point me in the right direction? > > PS: I am new in the NSS and PCKS11. > > Thank you! :) > -- > dev-tech-crypto mailing list > dev-tech-crypto@lists.mozilla.org > https://lists.mozilla.org/listinfo/dev-tech-crypto -- dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto