subject:"Re\: Can wrapped master secret be unwrapped only using fields from sslSessionID structure\?"

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

2017-02-01 Thread Maxim Rise

On Wednesday, February 1, 2017 at 10:48:52 PM UTC+2, Kyle Hamilton wrote:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 is a thing.  If
> this is related to a communication from Firefox, SSLKEYLOGFILE doesn't work.
> 
> Memory dumps can be created by malware.  Packet captures can be created
> by anyone who has access to what should have been (but which have been
> in practice incredibly poorly-controlled) law-enforcement-limited taps
> in intermediate routers.
> 
> Before giving any kind of assistance, I'd really want to know the
> provenance of the machine in question, the employment and role (and
> legal authority) of the investigator, suspicions as to the nature of the
> information they expect to find therein, and reasons why violating the
> sanctity of the communication might possibly be desirable.
> 
> Of course, I expect that other people don't have the same kinds of
> ethical qualms that I do.
> 
> -Kyle H
> 


On Wednesday, February 1, 2017 at 10:48:52 PM UTC+2, Kyle Hamilton wrote:
> https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 is a thing.  If
> this is related to a communication from Firefox, SSLKEYLOGFILE doesn't work.
> 
> Memory dumps can be created by malware.  Packet captures can be created
> by anyone who has access to what should have been (but which have been
> in practice incredibly poorly-controlled) law-enforcement-limited taps
> in intermediate routers.
> 
> Before giving any kind of assistance, I'd really want to know the
> provenance of the machine in question, the employment and role (and
> legal authority) of the investigator, suspicions as to the nature of the
> information they expect to find therein, and reasons why violating the
> sanctity of the communication might possibly be desirable.
> 
> Of course, I expect that other people don't have the same kinds of
> ethical qualms that I do.
> 
> -Kyle H

It's my own firefox process memory dump from a virtual machine. It's for 
educational purposes.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

2017-02-01 Thread Kyle Hamilton

https://bugzilla.mozilla.org/show_bug.cgi?id=1183318 is a thing.  If
this is related to a communication from Firefox, SSLKEYLOGFILE doesn't work.

Memory dumps can be created by malware.  Packet captures can be created
by anyone who has access to what should have been (but which have been
in practice incredibly poorly-controlled) law-enforcement-limited taps
in intermediate routers.

Before giving any kind of assistance, I'd really want to know the
provenance of the machine in question, the employment and role (and
legal authority) of the investigator, suspicions as to the nature of the
information they expect to find therein, and reasons why violating the
sanctity of the communication might possibly be desirable.

Of course, I expect that other people don't have the same kinds of
ethical qualms that I do.

-Kyle H

On 2017-02-01 11:54, Maxim Rise wrote:
> I know about SSLKEYLOGFILE environment path, but I can't use it. I extracted 
> master secret from a memory dump and I need to unwrap it in order to use it 
> to decrypt the wireshark ssl communication.

-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

2017-02-01 Thread Maxim Rise

I know about SSLKEYLOGFILE environment path, but I can't use it. I extracted 
master secret from a memory dump and I need to unwrap it in order to use it to 
decrypt the wireshark ssl communication.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

2017-01-31 Thread Eric Rescorla

This is not the direction want to take, in part because with TLS 1.3 you
will not be able to use the session cache to decrypt the connection.

What you want is SSLKEYLOGFILE.
http://stackoverflow.com/questions/9243842/how-to-reach-used-cipher-key-of-current-ssl-connection-under-firefox

-Ekr

On Sun, Jan 29, 2017 at 8:57 PM, Maxim Rise  wrote:

> On Wednesday, January 25, 2017 at 8:12:59 AM UTC+2, Maxim Rise wrote:
> > I need to know only for current version or older version.
>
> Let's say the NSS version is 3.28. I know the values of the fields from
> sslSessionIDStr.
>
> How can I unwrap the master secret in order to use the unwrapped master
> secret to decrypt a ssl communication using wireshark?
>
> Any advice and suggestions will be greatly appreciated.
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
>
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

2017-01-29 Thread Maxim Rise

On Wednesday, January 25, 2017 at 8:12:59 AM UTC+2, Maxim Rise wrote:
> I need to know only for current version or older version.

Let's say the NSS version is 3.28. I know the values of the fields from 
sslSessionIDStr.

How can I unwrap the master secret in order to use the unwrapped master secret 
to decrypt a ssl communication using wireshark?

Any advice and suggestions will be greatly appreciated.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

2017-01-24 Thread Maxim Rise

I need to know only for current version or older version.
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

2017-01-24 Thread Martin Thomson

The details of how NSS constructs these values is internal to a given
NSS version and might change in different versions.  For instance, the
indices and what they mean are highly likely to change in an upcoming
version.

On Wed, Jan 25, 2017 at 4:11 AM, Maxim Rise  wrote:
> Hello.
>
> I am trying to write a python script for unwrapping wrapped_master_secret
> for a given wrapped_master_secret in the command line. Can
> wrapped_master_secret be unwrapped only using fields from sslSessionIDStr
> structure (masterModuleID, masterSlotID, masterWrapIndex, masterWrapMech,
> masterWrapSeries)? Can you point me in the right direction?
>
> PS: I am new in the NSS and PCKS11.
>
> Thank you! :)
> --
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto
-- 
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

Re: Can wrapped master secret be unwrapped only using fields from sslSessionID structure?

7 matches

Site Navigation

Mail list logo

Footer information