1 (edited by cxenof03 2021-04-04 16:00:33)

Topic: Where to get the private keys from DH in the client/server example?

I am using the #define WOLFSSL_STATIC_EPHEMERAL setting so I have static keys in order to be able to decrypt my packets. I get from a client/server (from the examples) run that the curve used is SECP256R1, which I think is fine, and I could use either that or FFDHE2048.

1.) Now, I need to be able to get the private keys of the examples (client and server) from their code.
At which point of the code can I get these (without the STATIC EPHEMERAL)?

2.) If I use the static ephemeral, do the buffers at:

 ssl->ctx->staticKE->dhKey and eccKey

correspond to the private keys of the ffdhe-2048 and secp256r1? Because during debugging I can see something completely different, even when trying to decode it to ASCII from the octal value that the debugger gives me. (See attached screenshot: privateKey.PNG)

3.) Last question: can the sent public keys, as seen in Wireshark in the ClientHello and ServerHello, be seen in the Key Share Entry: Group: secp256r1 > Key Exchange 04faa99a...? (This is more to confirm that I am indeed capturing the correct public keys.)

Thank you


Re: Where to get the private keys from DH in the client/server example?

Hi cxenof03,

1) Good point. I put up a PR with APIs for getting the static ephemeral here:
https://github.com/wolfSSL/wolfssl/pull/3942

2) Those are pointers to DerBuffer (ASN.1) with members `buffer` and `length`. The above PR should solve this for you.

3) Yes, the KeyShare public keys will map to the static ephemeral keys.

Thanks,
David Garske, wolfSSL
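
The DER layout behind point 2, as an added example that is not part of the original thread and is not wolfSSL's own code: it walks the ASN.1 headers of an ECC private key to locate the raw scalar, which is why the bytes a debugger shows in `buffer` do not read as the key itself. It assumes the buffer holds an RFC 5915 ECPrivateKey; the function names and the sample bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
/* Read one DER tag/length header at buf[*pos]; 0 on success, -1 if malformed. */
static int der_header(const unsigned char *buf, size_t len, size_t *pos,
                      unsigned char *tag, size_t *out_len)
{
    size_t p = *pos, n, nbytes;
    if (p > len || len - p < 2) return -1;
    *tag = buf[p++]; n = buf[p++];
    if (n & 0x80) {                          /* long form: 1 or 2 length bytes */
        nbytes = n & 0x7f; n = 0;
        if (nbytes == 0 || nbytes > 2 || len - p < nbytes) return -1;
        while (nbytes--) n = (n << 8) | buf[p++];
    }
    if (n > len - p) return -1;              /* value must fit in the buffer */
    *pos = p; *out_len = n;
    return 0;
}

/* Assumed layout (RFC 5915): SEQUENCE { INTEGER 1, OCTET STRING privateKey, ... } */
int ec_der_private_scalar(const unsigned char *der, size_t der_len,
                          const unsigned char **key, size_t *key_len)
{
    size_t pos = 0, n; unsigned char tag;
    if (der_header(der, der_len, &pos, &tag, &n) || tag != 0x30) return -1;
    der_len = pos + n;                       /* stay inside the SEQUENCE */
    if (der_header(der, der_len, &pos, &tag, &n) || tag != 0x02 ||
        n != 1 || der[pos] != 1) return -1;  /* version must be 1 */
    pos += n;
    if (der_header(der, der_len, &pos, &tag, &n) || tag != 0x04) return -1;
    *key = der + pos; *key_len = n;          /* raw big-endian scalar */
    return 0;
}

/* Constructed sample, not a real key: the scalar bytes are 0x01..0x20. */
static const unsigned char sample_der[] = {
    0x30,0x31, 0x02,0x01,0x01, 0x04,0x20,
    0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f,0x10,
    0x11,0x12,0x13,0x14,0x15,0x16,0x17,0x18,0x19,0x1a,0x1b,0x1c,0x1d,0x1e,0x1f,0x20,
    0xa0,0x0a, 0x06,0x08,0x2a,0x86,0x48,0xce,0x3d,0x03,0x01,0x07 /* secp256r1 OID */
};

int main(void)
{
    const unsigned char *key; size_t n, i;
    if (ec_der_private_scalar(sample_der, sizeof sample_der, &key, &n)) return 1;
    for (i = 0; i < n; i++) printf("%02x%s", key[i], i + 1 == n ? "\n" : "");
    return 0;
}
```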


Re: Where to get the private keys from DH in the client/server example?

Thank you David,

That was indeed helpful.

Best,
Chris
