0
For the first part in decrypting the server pre master secret I have been using:
openssl rsautl -in cpre.key -inkey key.pem -decrypt -out spre.key
where cpre.key is in binary when fed to this and key.pem is my private key generated when making my certificate. I'll share my private key here because I will not actually be using this except in my proof of concept.
key.pem
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDTYy4zhRmPYAS
qpnpbHzHNgTtg6Cn1hGGuYzeoIvbewd/HfwmTYlnnYJNtZESkZgy09uci+B8d3T1
it4WAkJv8j6QCg4PHzmPovsdvKuF8WUrhZsmiNk8K+Hn7fkNCqbK/NsghOi+RwUQ
JCudz6OsYT/jqx4TGCOqEpqWF4ShBdsUJccPxkpXn/KZn330pGJTVkVCAfae/btA
Ylg8QY0/LNkbvkp+2UlglyV8DMqWo125GEnD56Aphrb0aMdTC0/tlI9oQWSpWhT9
IeJtR7vsQLSVmscotalktuCFTaaP6NzLg5rVvJAmxurJJTETafXB4rb55OWpzyij
t6qcwUkdAgMBAAECggEAUpCkXzRwF1EEpd+NtcrxbV5+8tJkxs+PFT+4OB3zQlRe
tPS+Noss/aru/V8293yptUMvYp0XyEbQIUYV4YQPBjiJDmfRzb7LnNewBcBPWw7U
UHPpRX8xJ2j91gka8tJ/9Oy0zqihpF9t2ocQEWVIsoVidyNOUZAw86NtyuoiXdfY
pgJxTVdCH0QjYb7jIQAWIhJXvp8DVLFRn42lZD96YS0GJyBOtXg+RXXUSWrVUcjb
Gi8w7eRbLKbGtYZ7prTBeoYubFuuyML4IF/MwkMBbjU3sJCV4Q6F2R1Kjv4RMFge
oqyf+YDq26USUgdIVQJaUPj8g98qvS8jCH+OTVkIGQKBgQDqHMgPREuMFaqihi9p
AqcWDvUI+gLkDAHuIr5WTLFNEt6SFh5vVtiaVPgANNqR5FSPPczvOF8WGuU6zapf
wbuyqzPCVuxfcllR0DCVP2J2VM14WX2D9VUqPRNXM4shQnvZh/jbhgbqIfWdLuAq
cXAJ+O2FzGUmPWUexsR5OyZVrwKBgQDVj+gG2myl6juC6jBDXhD359QuZN+L6jhy
6HZyPPxQgMz7Flgn+oifiysAsfY6uTxyrt5eSVO23HoqfI1/C12xtF1H+LdSdMO7
60jikauByZRoSuVDxuDsMFBTOf018lO5MI03tKy4LeFYCJQ1VA8t0cK1zInn7YiL
7UyScnJM8wKBgQDYNkiVwO88qu3yN5cllmuVta6b4bo1vtkxgyjiLuY4Vkr0BDWL
glt8/SglmKqbvpJR0DOqYxd+JMy76CGHWjbtJawhuYGIDOVs56dWzzkyK9OvaIbB
Dhzfa5SnHlVKHEqhdjBhHYDZTw+1YQtqZ2Wf8CP9Q+3OyTjQmaXuiLA4xQKBgDvl
sbECYAikym4sWr76Sg4NwnAEsMIgPhbUZiwiOK4ngdZGbRFBbkI5GSWHxESyIWcU
7p9JN6aI7eauqkzgljW6HZOLCXeh8ifplLafHpg3Pl2F7Al3ZSw5XL4K/J69yYee
O21NSkgZ7iLvvQm7+sniFBdDN8aJ04tTUe+dE7vLAoGAHcY/RslRZ1jusaEY8xPW
7BMzcPLhvbeoMFKE4ruryExNCnZQ4/9jKT9S0IXk1L8peOl8TiK1TFeEeFmijFG/
qqPgglcoJu0kscNQmVmt0JgLz6FyB1+oP4faKWtW7GI+WdGXcvAcUgaDMVrPEN0u
9wnF7LizmwRzYywT3NFWhb4=
-----END PRIVATE KEY-----
cpre.key (hex) captured encrypted client pre master
b14ebd6c882b62bd2a527763b24eec0159694b57d50c091625797cc348ecbde551a6b5bc17a676f2
a9b1a16a7f0a8694fd3be297ffcd5189baa2cfc6ae3a21e608ebc2dfc40d11a833445ff3955fb230
dfefe6c741b2d48bf2977f3b3ba9ccc6fa0069a59c7d48579a3eb43562a1aeb7312857b7dede6b3a
e2f1e80390697518b636a064e37c5a3bb696f4af98c38661995695e536a7847d9b3ae4e0ee943da8
f6e577c6e1d7e1f30e9b67f62a0301a4fb6fc401341c3fb5f3a00c56d67c7d26a31a5a462a0e3610
f6de24f95812e05ca6c5916d89573429eab173595d4598fcad39ef7bff3b07d74cdc6928990fe4ac
80db36b7fa00bfe5534de164e9776316
spre.key (hex) decrypted server side pre master
03033ab0d673caefc4a9f6d35cf51d349815d67a09ac454f11dfb9741c96001a66a3e82f688b8213
8403018384cf35f2
Dave, I realize you said it was unlikely that I was decrypting this incorrectly but do you see any problems with my first step? I may be capturing the data from the client incorrectly so I wanted to check.
David B
Posted 2018-08-08T13:20:13.187
Reputation: 41
I don't see any problem here, though you don't show 'capturing the data' so I can't look at that. But RSA decryption as used in TLS has enough redundancy that yes it is very unlikely you would get a validly formatted output if you were not decrypting a valid ciphertext. Note this 'self-validation' does not apply to the nonces, which are thus more important to check. I slightly modify my previous suggestion: doing a handshake using
openssl s_client -connect host:port -debug >filewill create a log containing all needed data for this exercise, except the RSA key, unambiguously. – dave_thompson_085 – 2018-08-09T07:02:13.257Dave, Thanks... I started a discussion with our system admin to see about setting this up. I have to be careful about interfering with any other process or processes we currently have running hopefully he's not going to have a problem with me doing this to so I can create the logs and make some comparisons. I did post my next step and data to generate the master secret/key here I'd appreciate it if you can take a look and comment.
– David B – 2018-08-09T15:18:04.170