问题
I writing a C# sniffer to decrypt a TLS packet which I already have the private key for. Here is a screenshot of the TLS packet.
I have tried decrypting the bytes in "Encrypted Application Data", but I am getting the error, "The parameter is incorrect" which usually means the data isn't correct for the provided key, so the question is, am I decrypting the wrong bytes?
The private key I have is from a .pem file in the section -----BEGIN PRIVATE KEY-----. I think this .pem file is generated from openssl, and when I add this .pem file to Wireshark, Wireshark is able to display the Encrypted Application Data in clear text.
Here is the code that's failing
if (File.Exists(filename))
{
string strPEM = File.ReadAllText(filename);
string strPriKey = GetStringFromPEM(strPEM, PEMStringType.PrivateKey);
strPriKey = RsaPemFormatHelper.Pkcs8PrivateKeyFormatRemove(strPriKey);
byte[] decryptedBytes;
using (RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(2048))
{
RSAParameters rsaPrivParam = CreateRsapFromPrivateKey(Convert.FromBase64String(strPriKey));
rsa.ImportParameters(rsaPrivParam);
// just to test rsa is able to encrypt and decrypt correctly with the private key
string testString = "test123";
var encrypted = rsa.Encrypt(Encoding.UTF8.GetBytes(testString), false);
string encryptedString64 = Convert.ToBase64String(encrypted);
var encrypted2 = Convert.FromBase64String(encryptedString64); // should be the same as encrypted
var decrypted = rsa.Decrypt(encrypted2, false);
string resultString = Encoding.UTF8.GetString(decrypted); // matches testString
// actual decryption
byte[] newArray = new byte[256];
Array.Copy(encryptedBytes, 0, newArray, 0, 256); // encryptedBytes contains the bytes in Encrypted Application Data
decryptedBytes = rsa.Decrypt(newArray, false); // <-- fails with 'The parameter is incorrect'
string sbytes = Encoding.UTF8.GetString(decryptedBytes);
}
}
来源:https://stackoverflow.com/questions/63309984/which-section-of-tls-packet-to-decrypt