I'm trying to do some manual data extraction/encryption/decryption with the openssl command line tool.
I've been reviewing RFC5246 to work out what I need to do. It is not crystal clear to me if I am going to be able to do this step with that tool. I'm assuming the private key in the explanation is the private key generated when I created my self-signed certificate.
When RSA is used for server authentication and key exchange, a 48-byte pre_master_secret is generated by the client, encrypted under the server's public key, and sent to the server. The server uses its private key to decrypt the pre_master_secret. Both parties then convert the pre_master_secret into the master_secret, as specified above.
Can someone tell me if my assumptions are correct? Can the openssl command line tool be used and supplied with my server private key and encrypted pre_master_secret from the client to generate the pre_master key for the server so it can be used to create the master key?
If so, I am not sure how to do it as I'm not very familiar with the tool.
The other thing I should point out is that the cipher suite I am working with is TLS_RSA_WITH_AES_256_CBC_SHA and I can see in Wireshark that the pre_master_secret from the client is 256 bytes long.
Thanks, I'm still on a big learning curve here. Actually trying to determine if I can do this in the MUMPS language shelling out to openssl. How do I ask a follow-up question here without posting another question? – David B – 2018-07-23T11:31:44.060
(1) I don't know MUMPS (although I heard it 'shrank' to M?) so I can't say if or how it can handle the parts openssl commandline doesn't. That is probably on-topic for stackoverflow (not here). (2) The general stack philosophy is to have 1 question per Q and answers for that Q (with links if that helps explain them), so each can be found by people searching for those issues or topics. But if your follow-up is close to the original you might get away with editing this Q to add it (but it's impolite to remove issues already addressed). – dave_thompson_085 – 2018-07-25T01:19:34.783
MUMPS is sometimes referred to as "M", yes, you are correct. I did ask a follow-up question here [link]. I hopefully can handle all I need to in MUMPS that openssl cannot. So far so good. I am trying to read the RFC and follow along, though I admit I am struggling a bit. My MUMPS program is serving the certificate and I am in the process of negotiating things with the handshake message(s); it is looking good so far. If you or someone could check my follow-up and assist with this next, that would help. – David B – 2018-07-25T11:57:48.227
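The RSA key-exchange step quoted from RFC 5246 in the question, as an added example that is not part of the original post or comments: a round trip with the openssl command line showing that a 48-byte pre_master_secret encrypts to 256 bytes and decrypts back with the private key. It assumes a 2048-bit RSA key (consistent with the 256-byte value seen in Wireshark); the key, file names and sample secret are constructed here.

```shell
#!/bin/sh
# Added example: the key pair, file names and sample secret are constructed.
# Round trip of the RSA key-exchange step: what the client sends and what
# the server recovers with its private key.

pms_roundtrip() {
    dir=$(mktemp -d) || return 1

    # Constructed stand-in for the key behind the self-signed certificate.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/server.key" 2>/dev/null || return 1
    openssl pkey -in "$dir/server.key" -pubout \
        -out "$dir/server.pub" 2>/dev/null || return 1

    # Client side: 48-byte pre_master_secret = 2-byte client_version
    # (03 03 for TLS 1.2) followed by 46 random bytes.
    { printf '\003\003'; openssl rand 46; } > "$dir/pms.bin"

    # Client encrypts under the server public key. For RSA keys pkeyutl
    # uses PKCS#1 v1.5 padding by default, which is what TLS_RSA_* uses.
    openssl pkeyutl -encrypt -pubin -inkey "$dir/server.pub" \
        -in "$dir/pms.bin" -out "$dir/epms.bin" || return 1

    # Server side: decrypt with the private key to recover the secret.
    openssl pkeyutl -decrypt -inkey "$dir/server.key" \
        -in "$dir/epms.bin" -out "$dir/pms.dec" || return 1

    enc_len=$(wc -c < "$dir/epms.bin" | tr -d ' ')
    dec_len=$(wc -c < "$dir/pms.dec" | tr -d ' ')
    version=$(head -c 2 "$dir/pms.dec" | od -An -tx1 | tr -d ' \n')
    if cmp -s "$dir/pms.bin" "$dir/pms.dec"; then match=yes; else match=no; fi

    rm -rf "$dir"
    # ciphertext length, plaintext length, version bytes, round trip ok?
    echo "$enc_len $dec_len $version $match"
}

pms_roundtrip
```

Only the `pkeyutl -decrypt` call is the server's part of the exchange; the remaining commands build a test input and check the sizes.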