[SMB3][PATCH] dump encryption keys to allow wireshark debugging of encrypted

Steve French smfrench at gmail.com
Fri Sep 20 07:07:22 UTC 2019


kernel patch updated to check if encryption is enabled

In order to debug certain problems it is important to be able
to decrypt network traces (e.g. wireshark) but to do this we
need to be able to dump out the encryption/decryption keys.
Dumping them to an ioctl is safer than dumping them to dmesg,
(and better than showing all keys in a pseudofile).

Restrict this to root (CAP_SYS_ADMIN), and only for a mount
that this admin has access to.

Sample smbinfo output:
SMB3.0 encryption
Session Id:   0x82d2ec52
Session Key:  a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71
Server Encryption Key:  1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1
Server Decryption Key:  e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88


-- 
Thanks,

Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-smb3-allow-decryption-keys-to-be-dumped-by-admin-for.patch
Type: text/x-patch
Size: 3676 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190920/c2e10ef4/0001-smb3-allow-decryption-keys-to-be-dumped-by-admin-for.bin>
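
An added example, not part of the original post or the attached patch: the sample smbinfo output above prints some key bytes as a single hex digit ("e" rather than "0e"), so simply stripping the spaces gives a 31-digit string instead of a 16-byte key. This Python sketch parses the sample, pads each byte and checks the length before the keys go into a decryption tool; the function names and the 16-byte length check are assumptions drawn from the sample.

```python
import re

# Sample copied from the post above; note the single-digit bytes ("e").
SAMPLE = """\
SMB3.0 encryption
Session Id:   0x82d2ec52
Session Key:  a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71
Server Encryption Key:  1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1
Server Decryption Key:  e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88
"""

KEY_LEN = 16  # assumption: 128-bit keys, as in the sample

_BYTE = re.compile(r"[0-9a-fA-F]{1,2}")


def parse_key(field: str) -> bytes:
    """Turn space-separated, possibly unpadded hex bytes into raw bytes."""
    tokens = field.split()
    for tok in tokens:
        if not _BYTE.fullmatch(tok):
            raise ValueError(f"not a hex byte: {tok!r}")
    key = bytes(int(tok, 16) for tok in tokens)
    if len(key) != KEY_LEN:
        raise ValueError(f"expected {KEY_LEN} bytes, got {len(key)}")
    return key


def parse_smbinfo(text: str) -> dict:
    """Parse the key dump into {'session_id': int, '<name>': bytes, ...}."""
    out = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if not sep:
            continue  # banner line such as "SMB3.0 encryption"
        name, value = name.strip(), value.strip()
        if name == "Session Id":
            out["session_id"] = int(value, 16)  # int() accepts the 0x prefix
        elif name.endswith("Key"):
            out[name] = parse_key(value)
    return out


if __name__ == "__main__":
    for name, value in parse_smbinfo(SAMPLE).items():
        shown = hex(value) if isinstance(value, int) else value.hex()
        print(f"{name}: {shown}")
```
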

