Dumping key to file


Dumping key to file

Harish Kulkarni
Hello All,

My application is built along with openssl library source code. We want to dump keys to a file for decrypting TLS flows from network captures. Is there any flag or environment variable which we can set during building application or while running application?

-thanks
harish


Re: Dumping key to file

Jeremy Harris
On 10/03/2021 13:14, Harish Kulkarni wrote:
> My application is built along with openssl library source code. We want to
> dump keys to a file for decrypting TLS flows from network captures.. is
> there any flag or environment variable which we can set during building
> application or while running application.

Env var SSLKEYLOGFILE
--
Cheers,
   Jeremy

Re: Dumping key to file

Matt Caswell-2


On 10/03/2021 13:35, Jeremy Harris wrote:
> On 10/03/2021 13:14, Harish Kulkarni wrote:
>> My application is built along with openssl library source code. We
>> want to
>> dump keys to a file for decrypting TLS flows from network captures.. is
>> there any flag or environment variable which we can set during building
>> application or while running application.
>
> Env var SSLKEYLOGFILE

That is not an OpenSSL environment variable (I think that's an NSS thing).

In order to log keys you need to set the key logging callback via
SSL_CTX_set_keylog_callback.

The callback needs to look like this:

typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);

It should write the data provided in "line" to wherever you want to
store the key data.

See:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_keylog_callback.html

If you are using the OpenSSL command line then you can use the
"-keylogfile" option to s_client or s_server to specify the filename for
where you want keys logged.

Matt

Re: Dumping key to file

Harish Kulkarni
Thank you all. I will try and write back.

-thanks
harish

