Hi,
My requirement is like this:
I have access to the server certificate, and hence the private and public
keys associated with the certificate are known to me.
When the payload carrying the encrypted Pre Master Secret arrives from the
client, I (our application) need to fetch the encrypted
PMS and then feed the code (derived from OpenSSL) with the server private
key (which has been loaded from the private key file).
So my assumption is that it will decrypt the RSA based keys. Is this right?

On Thu, Sep 25, 2008 at 9:13 AM, David Schwartz <[EMAIL PROTECTED]> wrote:

>
> prashanth s joshi:
>
> > Hi, I have got a query to make here. So if I know the private
> > key (permanent) of the server, is it possible to decrypt the SSL traffic?
>
> You cut the answer to this exact question. It may or may not be possible,
> depending on many factors. The permanent server key is just one of the
> things you might need.
>
> This question cannot be answered without knowing the outer problem. Some
> people carefully arrange things so that their SSL sessions are still secure
> even if their host keys are compromised later.
>
> In general, no, you cannot decrypt a stored SSL session. However, if you
> have a specific outer problem, there may be a good way to get the job done.
> For example, here are two very different questions:
>
> 1) I run a web server. I want to archive secure SSL sessions securely. Can
> I do it?
>
> 2) I run an ISP. I want to log my customer's SSL sessions invisibly so I
> can review them later for abuse purposes. Can I do it?
>
> 3) I run a company. I want to set up an SSL logging proxy, it can be
> invasive and it's okay if it requires special setup on every machine. How
> can I do it?
>
> See how these are all very different questions? There is no generic answer
> except "maybe".
>
> DS
>
>
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
>
