[SMB3][PATCH] dump encryption keys to allow wireshark debugging of encrypted

Steve French smfrench at gmail.com
Fri Sep 20 07:20:20 UTC 2019


And updated patch for cifs-utils ("smbinfo keys <filename>")


On Fri, Sep 20, 2019 at 2:07 AM Steve French <smfrench at gmail.com> wrote:
>
> kernel patch updated to check if encryption is enabled
>
> In order to debug certain problems it is important to be able
> to decrypt network traces (e.g. wireshark) but to do this we
> need to be able to dump out the encryption/decryption keys.
> Dumping them to an ioctl is safer than dumping them to dmesg,
> (and better than showing all keys in a pseudofile).
>
> Restrict this to root (CAP_SYS_ADMIN), and only for a mount
> that this admin has access to.
>
> Sample smbinfo output:
> SMB3.0 encryption
> Session Id:   0x82d2ec52
> Session Key:  a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71
> Server Encryption Key:  1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1
> Server Decryption Key:  e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88
>
>
> --
> Thanks,
>
> Steve



-- 
Thanks,

Steve
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-smbinfo-print-the-security-information-needed-to-dec.patch
Type: text/x-patch
Size: 3208 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20190920/b51d878c/0001-smbinfo-print-the-security-information-needed-to-dec.bin>
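
Added example, not part of the original message or of the cifs-utils patch: a small parser for the "Sample smbinfo output" quoted above, which prints some key bytes without zero padding ("e" rather than "0e"). It assumes one byte per space-separated token and 16-byte keys, as in the sample, and that the consuming tool wants each key as one contiguous hex string; the function names are hypothetical.

```python
import re

# Sample input: the smbinfo output quoted in the message above, copied verbatim.
SAMPLE = """\
SMB3.0 encryption
Session Id:   0x82d2ec52
Session Key:  a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71
Server Encryption Key:  1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1
Server Decryption Key:  e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88
"""

KEY_LABELS = ("Session Key", "Server Encryption Key", "Server Decryption Key")
REQUIRED = ("session_id",) + KEY_LABELS
KEY_LEN = 16  # bytes per key in the sample output (assumption)


def parse_key_line(value):
    """Turn 'a5 6d e ...' into bytes; each token is one byte, possibly unpadded."""
    out = bytearray()
    for tok in value.split():
        if not re.fullmatch(r"[0-9a-fA-F]{1,2}", tok):
            raise ValueError(f"not a hex byte: {tok!r}")
        out.append(int(tok, 16))
    if len(out) != KEY_LEN:
        # A short line means a truncated copy/paste, not a shorter key.
        raise ValueError(f"expected {KEY_LEN} bytes, got {len(out)}")
    return bytes(out)


def parse_smbinfo_keys(text):
    """Return {'session_id': int, '<key label>': 32-char hex string, ...}."""
    result = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        label, value = label.strip(), value.strip()
        if not sep:
            continue  # banner line such as "SMB3.0 encryption"
        if label == "Session Id":
            result["session_id"] = int(value, 16)
        elif label in KEY_LABELS:
            result[label] = parse_key_line(value).hex()
    missing = [k for k in REQUIRED if k not in result]
    if missing:
        raise ValueError(f"incomplete key dump, missing: {missing}")
    return result


if __name__ == "__main__":
    for name, val in parse_smbinfo_keys(SAMPLE).items():
        print(name, val)
```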

