[Openswan Users] Extracting IKE key to decode with Wireshark
dwgoldfarb at yahoo.com
Wed Feb 5 13:17:47 EST 2014
I am trying to decode an OpenSwan IKE exchange using Wireshark. I can decode the ESP packets just fine, but I am having trouble getting the IKE encryption keys out of the Pluto Debug output.
OpenSwan is running as an initiator on a Redhat Enterprise 5.10 server, using the RedHat provided RPM package which is compiled with NSS support enabled.
Per this info:
I should be able to enable plutodebug=crypt and see the "enc key" in the pluto debug output (--debug-crypt option on pluto). But the pluto debug output only has this:
| NSS: Started key computation
| NSS: enc keysize=24
| NSS: Freed 25-39 symkeys
| NSS: copied skeyid_d_chunk
| NSS: copied skeyid_a_chunk
| NSS: copied skeyid_e_chunk
| NSS: copied enc_key_chunk
| NSS: Freed symkeys 1-23
| NSS: Freed padding chunks
Frustrated I looked in the pluto sourcecode and it appears that the "enc key" output is only output to the log if LIBNSS is not configured:
DBG_dump_chunk("Skeyid: ", *skeyid_chunk);
DBG_dump_chunk("enc key:", *enc_key_chunk);
Does anybody know how to get the "enc key" data to enter into the Wireshark ISAKMP Preferences IKEv1 settings? Is there a command to extract it from libNSS? I did a bunch of Googling but didn't find anything useful.
I could probably recompile without LIBNSS, or try to put the dump software outside the HAVE_LIBNSS block, but it would be nice to know if there is a better way.
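The step the post is after, turning pluto's "enc key" dump into the entry Wireshark's IKEv1 decryption table wants, as an added example that is not part of the original post or of the Openswan project. It assumes a pluto build without libnss, so that DBG_dump_chunk actually prints the key, and that the dump looks like the constructed sample below (a "| label:" line followed by "| " lines of space-separated hex bytes); the initiator cookie (the first 8 bytes of the ISAKMP header, which pluto does not dump here) is taken from the capture and passed in by hand. The output line is the two-field cookie,key record used by Wireshark's ikev1_decryption_table UAT file, which can also be typed into Edit > Preferences > Protocols > ISAKMP > IKEv1 Decryption Table.

```python
import re

# Constructed sample of pluto --debug-crypt output from a build WITHOUT
# libnss (assumed layout: the DBG_dump_chunk label on its own "| " line,
# then "| " lines of hex bytes, 16 per line, grouped by four).
SAMPLE_LOG = """\
| Skeyid:
|   11 22 33 44  55 66 77 88  99 aa bb cc  dd ee ff 00
|   01 02 03 04
| enc key:
|   00 11 22 33  44 55 66 77  88 99 aa bb  cc dd ee ff
|   10 11 12 13  14 15 16 17
| NSS: Freed symkeys 1-23
"""

# A label line is "| <label>:" with nothing after the colon; a hex line is
# "| " followed only by two-digit hex groups. Anything else ends the dump.
LABEL_LINE = re.compile(r"^\|\s*([^:|]+):\s*$")
HEX_LINE = re.compile(r"^\|\s*((?:[0-9a-fA-F]{2}\s*)+)$")

# Key lengths Wireshark can decrypt IKEv1 with; the length must match the
# negotiated cipher (the "NSS: enc keysize=24" line in the post is 3DES).
KEY_SIZES = {8: "DES", 16: "AES-128", 24: "3DES or AES-192", 32: "AES-256"}


def parse_chunks(log_text):
    """Collect every DBG_dump_chunk dump in the log, keyed by its label."""
    chunks = {}
    current = None
    for line in log_text.splitlines():
        m = LABEL_LINE.match(line)
        if m:
            current = m.group(1).strip()
            chunks[current] = bytearray()
            continue
        m = HEX_LINE.match(line)
        if m and current is not None:
            chunks[current] += bytes.fromhex(m.group(1).replace(" ", ""))
            continue
        current = None  # a non-hex line terminates the current dump
    return {label: bytes(data) for label, data in chunks.items()}


def wireshark_ikev1_entry(initiator_cookie_hex, enc_key):
    """Build one ikev1_decryption_table record: "<cookie>","<key>"."""
    cookie = bytes.fromhex(initiator_cookie_hex)
    if len(cookie) != 8:
        raise ValueError("IKEv1 initiator cookie (SPI) must be 8 bytes")
    if len(enc_key) not in KEY_SIZES:
        raise ValueError(f"enc key is {len(enc_key)} bytes; expected one of {sorted(KEY_SIZES)}")
    return f'"{cookie.hex()}","{enc_key.hex()}"'


def entry_from_log(log_text, initiator_cookie_hex):
    """Extract "enc key" from a pluto debug log and emit the Wireshark record."""
    chunks = parse_chunks(log_text)
    if "enc key" not in chunks:
        raise KeyError('no "enc key" dump found; pluto built with libnss does not print it')
    return wireshark_ikev1_entry(initiator_cookie_hex, chunks["enc key"])


if __name__ == "__main__":
    # Cookie value is constructed; in practice read it from the first
    # ISAKMP packet of the exchange in the capture.
    print(entry_from_log(SAMPLE_LOG, "0123456789abcdef"))
```

If the exchange in the capture still does not decrypt after the entry is loaded, the usual causes are a cookie copied from the responder side instead of the initiator, or a key length that does not match the cipher pluto negotiated.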