0

I can provide more detail if necessary, but my question is basically thus:

If I'm running an openfire server that encrypts traffic using an RSA pub/priv key combo that I created (and have), is there a way (preferably in Java) to sniff packets off the wire and then decrypt them using my private key? Currently I can encrypt/decrypt a string using the following:

```java
import java.io.ByteArrayInputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.KeySpec;
import java.security.spec.PKCS8EncodedKeySpec;
import java.util.Arrays;
import javax.crypto.Cipher;

public class TLSDecryptTest {

    Cipher Ecipher;
    Cipher Dcipher;

    public TLSDecryptTest(String pubpath, String privpath) {
        try {
            // Encryption side: read the X.509 certificate and take its RSA public key.
            // With the default provider, "RSA" resolves to RSA/ECB/PKCS1Padding.
            this.Ecipher = Cipher.getInstance("RSA");
            byte[] publicKeyContentsAsByteArray = Files.readAllBytes(Paths.get(pubpath));

            CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
            Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(publicKeyContentsAsByteArray));
            RSAPublicKey pubKey = (RSAPublicKey) certificate.getPublicKey();
            this.Ecipher.init(Cipher.ENCRYPT_MODE, pubKey);
        } catch (Exception e) {
            System.out.println("Exception" + e);
        }

        try {
            // Decryption side: read the PKCS#8 (DER) encoded RSA private key.
            this.Dcipher = Cipher.getInstance("RSA");
            byte[] privateKeyContentsAsByteArray = Files.readAllBytes(Paths.get(privpath));

            KeyFactory keyFactory = KeyFactory.getInstance("RSA");
            KeySpec ks = new PKCS8EncodedKeySpec(privateKeyContentsAsByteArray);
            RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(ks);
            // Sanity check: the parsed key re-encodes to the bytes read from disk.
            System.out.println("PRIVATE KEY:::: " + Arrays.equals(privKey.getEncoded(), privateKeyContentsAsByteArray));
            this.Dcipher.init(Cipher.DECRYPT_MODE, privKey);
        } catch (Exception e) {
            System.out.println("Exception" + e);
        }
    }

    // Encrypt one block with the public key.
    public byte[] en(byte[] decryptedMessage) throws Exception {
        return this.Ecipher.doFinal(decryptedMessage);
    }

    // Decrypt one block with the private key.
    public byte[] de(byte[] encryptedMessage) throws Exception {
        return this.Dcipher.doFinal(encryptedMessage);
    }

    public static void main(String args[]) throws Exception {
        TLSDecryptTest t = new TLSDecryptTest(
                "C:\\Users\\peter.marino\\Desktop\\javapub.key",
                "C:\\Users\\peter.marino\\Desktop\\java.key");
        String s = ("Testing decryption.1Testing decryption.2Testing decryption.3Testing decryption.4");
        System.out.println("S: " + s);
        byte[] todo = s.getBytes();
        byte[] e = t.en(todo);
        String es = new String(e);
        System.out.println("E: " + es);
        byte[] d = t.de(e);
        String ds = new String(d);
        System.out.println("D: " + ds);
    }
}
```

which works fine. However, if I sniff a few packets off the wire and then try to decrypt it, I get errors. I even tried only decrypting the first 256 bytes of it, seeing as that's the limitation of my RSA key, but it still throws errors. Most notably, a BadPaddingException at the doFinal() line.

Any ideas?

Thanks in advance.

  • 2
    It sounds like you're trying to implement your own variant of SSL/TLS, which sounds like a bad idea. Any reason why you're not using SSL/TLS as it exists (and as it's provided by JSSE amongst other implementations)? – Bruno Jun 14 '12 at 16:02
  • 2
    You're still going to run into a brick wall when [DHE cipher suites are used](http://security.stackexchange.com/a/14083/2435), since they provide Perfect Forward Secrecy. It would probably be better to implement some sort of XMPP reverse proxy, so that your service handles the requests, monitors them and forwards them to the actual server in the back. – Bruno Jun 14 '12 at 16:12

3 Answers

2

If you are talking about an SSL-protected session, then a man-in-the-middle attack is possible if you have a legitimate server's private key (and can obtain the certificate, which is public anyway). For practical purposes you should be able to use Wireshark to spy on your traffic.

But you can't decrypt the traffic as is. Partially because it's not encrypted using public key cryptography - data is encrypted using symmetric key generated per session.

Eugene Mayevski 'Callback
  • Yeah, but let's say I can't conceivably use man in the middle for this client. All they can give me is their private/public key pair. You're saying there's no way to get usable data from that? :/ if that is true then thank you for your response. Also how would I use wireshark? can't seem to get that working either (and theoretically shouldn't be able to if what you say is true...) –  Jun 14 '12 at 15:52
  • For instance, is there any way to take that symmetric key? –  Jun 14 '12 at 15:55
  • 1
    You should look into how the symmetric key is derived from the pre master secret. You may find more pointers [here](http://stackoverflow.com/a/10247166/372643), but this can require a fair amount of work. Note that you won't be able to do so based solely on the traffic and private key if you're using Ephemeral Diffie-Hellman cipher suites. – Bruno Jun 14 '12 at 15:59
  • Will I be able to decrypt in java using the symmetric key, if I do all the work to figure it out? Also, I don't think I can get the mod or the primes, if that's what you're referring to when you say I'll need more than the private key. –  Jun 14 '12 at 16:04
  • @user1456637 sorry, I don't have experience with wireshark, so I can't give you exact details. But if you have a server, you can retrieve its certificate easily (connect to it with any SSL library and save the obtained certificate to file), and if you have a private key which corresponds to *that* certificate, then the rest should be not complicated as well. – Eugene Mayevski 'Callback Jun 14 '12 at 16:52
  • I do have that, and I did that (above). That's exactly what my question was. (did you read it?) –  Jun 14 '12 at 17:17
  • 1
    @user1456637 Sorry, I don't get you. Your question doesn't say you have a certificate, nor does it say that you are using wireshark. – Eugene Mayevski 'Callback Jun 14 '12 at 17:55
  • Perhaps you could be clearer then. How is the rest "not complicated"? If I have a certificate and a private key, I don't see how that would help. Wireshark is irrelevant, except for the fact that if wireshark can do it, I should be able to do it too (in java). But as Bruno explained, this is not possible. –  Jun 14 '12 at 18:54
  • 1
    @user1456637 You can't decrypt the data, but you can act as man in the middle, acting as a server for a connecting client and acting as a client for the real server. This is done by capturing network packets going to the server, then implementing TLS client and server. Of course you can do this (except packet capture which requires a kernel-mode driver), and this would be rewriting of wireshark. – Eugene Mayevski 'Callback Jun 15 '12 at 04:27
  • As I said (four comments ago), man-in-middle is not acceptable for this client. thanks anyway. –  Jun 15 '12 at 14:27
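
What the answer above describes, as an added example that is not part of the original post: a simplified hybrid scheme (not the TLS handshake itself) in which RSA protects only a random secret and AES protects the data, so running the RSA cipher over the first 256 bytes of the bulk ciphertext fails the padding check. The class name `HybridDemo`, the generated key pair and the sample data are constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.BadPaddingException;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class HybridDemo {
    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair(); // constructed stand-in for the server key pair

        // Sender: pick a random secret and encrypt only that secret with RSA.
        byte[] secret = new byte[16];
        rnd.nextBytes(secret);
        Cipher rsa = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        rsa.init(Cipher.ENCRYPT_MODE, server.getPublic());
        byte[] wrappedSecret = rsa.doFinal(secret);

        // Sender: the data itself is encrypted with the symmetric secret, not with RSA.
        byte[] iv = new byte[12];
        rnd.nextBytes(iv);
        Cipher aes = Cipher.getInstance("AES/GCM/NoPadding");
        aes.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(secret, "AES"), new GCMParameterSpec(128, iv));
        byte[] record = aes.doFinal(new byte[512]); // constructed "application data"

        // Receiver: the private key recovers the wrapped secret...
        rsa.init(Cipher.DECRYPT_MODE, server.getPrivate());
        boolean recovered = Arrays.equals(secret, rsa.doFinal(wrappedSecret));
        System.out.println("secret recovered with private key: " + recovered);

        // ...but a 256-byte slice of the symmetric ciphertext is not an RSA ciphertext.
        try {
            rsa.doFinal(Arrays.copyOf(record, 256));
            System.out.println("padding check passed by chance (very unlikely)");
        } catch (BadPaddingException e) {
            System.out.println("RSA over record bytes: " + e);
        }
    }
}
```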
1

Wireshark will allow you to decrypt if you have the server's private key. Docs are here.

First, go to Edit/Preferences/Protocols/SSL, click the Edit button next to RSA Keys:

Edit RSA Keys

Next, click New. Fill out the form with information that describes when the key should be used. This should be the IP address and port of the server:

RSA key information

Your key file may or may not require a passphrase. Hit OK three times. Capture as usual.

Joe Hildebrand
  • extraordinarily unhelpful. I have already indicated that this doesn't work. (moreover, xmpp is not a valid protocol according to my wireshark). –  Jun 15 '12 at 14:28
  • xmpp does work on 1.8.0rc1. If you don't want to rebuild, 1.6.8 will allow you to pick a protocol like "imap", and things will actually work ok, just be labelled wrong in the UI. – Joe Hildebrand Jun 16 '12 at 15:34
  • Depending on why you're trying to do this, you might be able to disable DHE ciphersuites with the hints here: http://community.igniterealtime.org/thread/32993 – Joe Hildebrand Jun 16 '12 at 15:36
  • That is a good link, and disabling DHE ciphersuites should allow your suggestion to work. I thought XMPP has been supported for quite a while now in wireshark. – President James K. Polk Jun 16 '12 at 17:04
  • XMPP has been supported for a long time, but getting a protocol hooked in to that particular dialog apparently takes extra effort in the dissector code, which wasn't added until recently. – Joe Hildebrand Jun 17 '12 at 18:37
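
To see which suites the DHE remarks in this thread apply to, the following added example (not code from the thread) groups the cipher suites a JVM enables by default according to the key exchange their names imply. The class name `KeyExchangeAudit` and the category labels are assumptions made for illustration; it needs Java 8 or later.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
import javax.net.ssl.SSLContext;

public class KeyExchangeAudit {

    // Classify a JSSE cipher suite name by the key exchange it implies.
    static String classify(String suite) {
        // Older JDKs use an SSL_ prefix for some suites; normalize it.
        String s = suite.startsWith("SSL_") ? "TLS_" + suite.substring(4) : suite;
        if (s.contains("_anon_")) return "anonymous (no server authentication)";
        if (s.startsWith("TLS_ECDHE_") || s.startsWith("TLS_DHE_")) return "ephemeral DH (forward secrecy)";
        if (s.startsWith("TLS_RSA_")) return "static RSA key transport (no forward secrecy)";
        if (s.startsWith("TLS_ECDH_") || s.startsWith("TLS_DH_")) return "static DH (no forward secrecy)";
        if (s.startsWith("TLS_AES_") || s.startsWith("TLS_CHACHA20_")) return "TLS 1.3 (no static RSA key exchange)";
        return "other";
    }

    public static void main(String[] args) throws Exception {
        // Suites this JVM enables by default; a server's own configuration may differ.
        String[] enabled = SSLContext.getDefault().getDefaultSSLParameters().getCipherSuites();
        Map<String, List<String>> byClass = new TreeMap<>();
        for (String suite : enabled) {
            byClass.computeIfAbsent(classify(suite), k -> new ArrayList<>()).add(suite);
        }
        for (Map.Entry<String, List<String>> e : byClass.entrySet()) {
            System.out.println(e.getKey() + ":");
            for (String suite : e.getValue()) {
                System.out.println("  " + suite);
            }
        }
    }
}
```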
-3

No. With public key encryption, you can only ever decrypt with the opposite key. e.g.

encrypted with private key => decrypt with public key
encrypted with public key => decrypt with private key

consider the chaos that would happen if

encrypted with public key => decrypt with public key

were possible - since the public key is floating around "in the open" for everyone to see, you'd essentially be giftwrapping your data in saran wrap, because everyone would have the key to decrypt it already. This would completely torpedo the entire SSL security model.

Marc B
  • So what's the point? Are you saying that I'm using the wrong key to decrypt? I can try using the public key to decrypt, I guess, but my whole point is that I'm trying to decrypt with the private key. I don't think you understood my question. –  Jun 14 '12 at 15:39
  • 1
    "encrypted with private key => decrypt with public key": that's really called "signing with private key" and "verifying the signature". Even if the operations are roughly the same for RSA, they're not for DSA. More fundamentally, it doesn't make sense to "encrypt" with the private key, since anyone would be able to read what's encrypted (since the public key is public). – Bruno Jun 14 '12 at 16:01
  • There is no PKI in this situation. SSL uses symmetric encryption. – user207421 Jun 12 '19 at 10:33