[SMB3][PATCH] dump encryption keys to allow wireshark debugging of encrypted
smfrench at gmail.com
Fri Sep 20 07:20:20 UTC 2019
And updated patch for cifs-utils ("smbinfo keys <filename>")
On Fri, Sep 20, 2019 at 2:07 AM Steve French <smfrench at gmail.com> wrote:
> kernel patch updated to check if encryption is enabled
> In order to debug certain problems it is important to be able
> to decrypt network traces (e.g. wireshark) but to do this we
> need to be able to dump out the encryption/decryption keys.
> Dumping them to an ioctl is safer than dumping then to dmesg,
> (and better than showing all keys in a pseudofile).
> Restrict this to root (CAP_SYS_ADMIN), and only for a mount
> that this admin has access to.
> Sample smbinfo output:
> SMB3.0 encryption
> Session Id: 0x82d2ec52
> Session Key: a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71
> Server Encryption Key: 1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1
> Server Decryption Key: e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 3208 bytes
Desc: not available
More information about the samba-technical