How to decrypt HTTPS data (ECDHE)?

Question

How to decrypt HTTPS data (ECDHE)?

I am trying to understand how HTTPS works and does little practical tests.

I have data recorded from an HTTPS connection encrypted by TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA.

If I understand correctly, the client during the establishment of the TLS connection creates a master key, which is then encrypted using the server’s public key and sent to the server. This master key (like plain text) is then used as a symmetric key to encrypt the current connection. Is it correct?

If so, how to decrypt the data, if I know the master key?

At first it seemed to me that it was very easy, so I wrote this script

$masterKey = '8ef36f0eb2c10ea6142693374f6c5c7ae65eee5f6bd45bd1990b08e6c144227382726496b795d62284bd8c6c0cadbbdb';

$someRandomEncryptedData = '170303001D314A69C7DF95E07AAF51FBDA01C178D45330BC902308DF8C418FA5B02B';

$sDecrypted = mcrypt_decrypt(MCRYPT_RIJNDAEL_256, pack('H*', $masterKey), pack('H*', $someRandomEncryptedData), MCRYPT_MODE_CBC);

echo $sDecrypted;

, 96 (48 ), PHP, 256 (32 ). - ?

+4

php https encryption elliptic-curve diffie-hellman

user10099 05 . '15 3:38

1

jww · Accepted Answer · 2015-01-05T04:08:55+0000

-, . ( ) . ?

, , .

DH ECDH, : , . (, RSA Key Transport) DH ECDH. TLS 1.3.

TLS : . , IPSec. DH ECDH, premaster_secret. , - -.

premaster_secret, , master_secret. master_secret 6 :

IV
IV

.

, premaster_secret - g^a, g^b. master_secret nonces - .

, , RSA Key Transport, premaster_secret. master_secret nonce.

, premaster_secret master_secret 6 . , ...

, , -?

, Wireshark, . Wireshark ( , - premaster_secret master_secret). . Wiki Wireshark Secure Socket Layer (SSL).

, , script

...:) RFC 5246. (TLS) 1.2. :)

, 96 (48 )

96 - PseudoRandom (PRF). RFC 5246, . 13.

How to decrypt HTTPS data (ECDHE)?

More articles: