Wireshark mailing list archives

Re: can't load private key from /root/foo.pem


From: "Thiago Moreira (timba)" <tmoreira2020 () gmail com>
Date: Tue, 19 Jan 2010 12:10:56 -0200

  Hey Ian,

  I just configured a file and got a bunch of these messages:

  dissect_ssl enter frame #1118 (first time)
  conversation = 0xb24a8940, ssl_session = 0xb24a9610
  record: offset = 0, reported_length_remaining = 2549
dissect_ssl3_record: content_type 23
decrypt_ssl3_record: app_data len 2544 ssl, state 0x17
association_find: TCP port 8443 found 0xba9e87e8
packet_from_server: is from server - TRUE
decrypt_ssl3_record: using server decoder
decrypt_ssl3_record: no decoder available
association_find: TCP port 8443 found 0xba9e87e8

  Is "no decoder available" my problem?

  Thanks

  Thiago Moreira

On Tue, Jan 19, 2010 at 11:38 AM, Ian Schorr <ian.schorr () gmail com> wrote:

I've been having a lot of problems with the SSL and Kerberos decryption
lately. Odd thing I've found is that when I can decrypt on a Windows
release, I can't on a Unix (at least, Linux and OS X). And if I can decrypt
on a Unix, I can't in Windows. It's traffic-dependent somehow, but I haven't
spent much time investigating. Maybe you're having a similar problem?

Have you configured an ssl debug file (in the protocol prefs)?

-Ian


On 20/01/2010, at 12:27 AM, "Thiago Moreira (timba)" <tmoreira2020 () gmail com> wrote:


  Hey Sake,

 This is my configuration: 127.0.0.1,8443,http,/home/tmoreira2020/foo.pem .
It is pretty straightforward like yours, except the IP address but it does
not work.

  Is there a way to debug deeper on wireshark to know if the SSL key is
being used/loaded/matched?

  Cheers

  Thiago Moreira

On Tue, Jan 19, 2010 at 5:36 AM, Sake Blok <sake () euronet nl> wrote:

 There is no need to use the "Decode As..." if you configure the RSA key
list correctly in the SSL protocol preferences. You should configure the RSA
key list like this:

<server-ip>,<server-port>,<protocol inside ssl>,<key-file-location>

If I understand you correctly, your SSL traffic is not on port 443, so
let's assume your server is at 10.0.0.1 and uses port 8443 and the protocol
inside SSL is http, you would use:

10.0.0.1,8443,http,/root/foo.pem

Hope this helps,
Cheers,
     Sake

----- Original Message -----
From: Thiago Moreira (timba) <tmoreira2020 () gmail com>
To: Community support list for Wireshark <wireshark-users () wireshark org>
Sent: Tuesday, January 19, 2010 12:07 AM
Subject: Re: [Wireshark-users] can't load private key from /root/foo.pem


  Thank you Sake! The error message has gone away.

  But I'm still not able to see the HTTP headers in plain text. I'm
using the context menu "Decode As..." to decode the encrypted packet, but no
success! Any clue?

  Thanks

On Mon, Jan 18, 2010 at 6:48 PM, Sake Blok <sake () euronet nl> wrote:

 The file /root/foo.pem probably contains both the certificate and the
key. You should delete the part with the certificate. Or you could use the
following openssl command:

openssl pkcs12 -in foo.p12 -out foo.pem -nodes -nocerts

Hope this helps,
Cheers,
     Sake


 ----- Original Message -----
From: Thiago Moreira (timba) <tmoreira2020 () gmail com>
To: wireshark-users () wireshark org
Sent: Monday, January 18, 2010 8:12 PM
Subject: [Wireshark-users] can't load private key from /root/foo.pem

   Hi there,

  I'm facing the following error when adding a private key to the "RSA
key list" field on Wireshark preferences.

  can't load private key from /root/foo.pem

  The key was generated by $JAVA_HOME/bin/keytool and then I used the
following commands to export it to a PEM format

  keytool -importkeystore -srckeystore .keystore -destkeystore foo.p12 \
      -srcstoretype jks -deststoretype pkcs12
  openssl pkcs12 -in foo.p12 -out foo.pem

  My question is: how can I find out what is going on? Is there any debug
flag that I can use to help me find out the issue?

  Thanks in advance

  Thiago Moreira

  ------------------------------


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe
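
A pre-flight check for the two points Sake's replies in this thread address, as an added example that is not part of the original messages: that the PEM file holds only an unencrypted private key (what `-nodes -nocerts` produces) and that the key-list entry has the form `<server-ip>,<server-port>,<protocol inside ssl>,<key-file-location>`. The function names and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the thread): pre-flight checks for an SSL
# "RSA keys list" entry of the form <ip>,<port>,<protocol>,<key-file>.

# Print the label of each PEM block in a file, one per line.
pem_block_types() {
    sed -n 's/^-----BEGIN \(.*\)-----[[:space:]]*$/\1/p' "$1"
}

# Return 0 only if the file holds exactly one unencrypted private key
# block and no certificate blocks (what -nodes -nocerts produces).
check_key_pem() {
    [ -r "$1" ] || { echo "cannot read $1"; return 2; }
    types=$(pem_block_types "$1")
    keys=$(printf '%s\n' "$types" | grep -c 'PRIVATE KEY$' || true)
    certs=$(printf '%s\n' "$types" | grep -c 'CERTIFICATE' || true)
    [ "$certs" -eq 0 ] || { echo "$1: $certs certificate block(s)"; return 1; }
    [ "$keys" -eq 1 ] || { echo "$1: $keys private key block(s), want 1"; return 1; }
    if grep -q 'ENCRYPTED' "$1"; then echo "$1: key is encrypted"; return 1; fi
    echo "$1: key file OK"
}

# Validate one entry: four comma-separated fields, a numeric port in
# range, and a key file that passes check_key_pem.
check_rsa_keys_entry() {
    old_ifs=$IFS; IFS=,
    set -f; set -- $1; set +f
    IFS=$old_ifs
    [ "$#" -eq 4 ] || { echo "expected 4 fields, got $#"; return 1; }
    [ -n "$1" ] && [ -n "$3" ] || { echo "empty ip or protocol"; return 1; }
    case $2 in ''|*[!0-9]*) echo "bad port: $2"; return 1 ;; esac
    [ "$2" -le 65535 ] && [ "$2" -ge 1 ] || { echo "bad port: $2"; return 1; }
    check_key_pem "$4"
}

# Constructed sample files: placeholder bodies, not real key material.
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/key_only.pem"
    { printf '%s\n' 'Bag Attributes' '-----BEGIN CERTIFICATE-----' \
        'Q09OU1RSVUNURUQ=' '-----END CERTIFICATE-----'
      cat "$1/key_only.pem"; } > "$1/key_and_cert.pem"
}

tmp=$(mktemp -d) && make_samples "$tmp"
check_rsa_keys_entry "10.0.0.1,8443,http,$tmp/key_only.pem" || true
check_rsa_keys_entry "10.0.0.1,8443,http,$tmp/key_and_cert.pem" || true
rm -rf "$tmp"
```

The checks look only at the PEM block labels, so they confirm the file's layout, not that the key matches the server's certificate.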


