If I have access to the pre-master key of a TLS handshake, is it possible to decrypt the rest of the handshake following this?
If so, is it possible to get the pre-master key while it is still not encrypted by the server public key?
Asked
Active
Viewed 870 times
0
-
See also [the wireshark wiki](https://wiki.wireshark.org/SSL#Using_the_.28Pre.29-Master-Secret). As for how to get the pre-master key - this entirely depends on the application implementing TLS and on the level of access you have to these applications (i.e. no access at all, access to the memory of the running binary, ability to modify binary, access to source code...). See for example [Extract pre-master keys from an OpenSSL application](https://security.stackexchange.com/questions/80158/extract-pre-master-keys-from-an-openssl-application). – Steffen Ullrich Mar 04 '19 at 16:27
-
How to extract the pre-master secret from the application (i.e. *"while it is still not encrypted by the server public key"*) is fully dependent on the application, but is related to the TLS stack which is used and there are only few such stacks commonly used. Apart from that the pre-master secret is only encrypted for the servers public key in case of the obsolete RSA key exchange. If you are interested of brute-forcing the pre-master-secret from some captured packets - this is practically impossible. – Steffen Ullrich Mar 04 '19 at 18:05