Richard E. Silverman
2024-03-18 03:33:30 UTC
Hello,
I have a patch to libkrb5 which implements a feature similar to the SSLKEYLOGFILE environment variable that’s now in pretty wide use for TLS: it logs session keys to a keytab named by KRB5KEYLOGFILE. The main use for this, just as with the TLS version, is to decrypt packet captures with Wireshark; the latter’s KRB5 dissector takes a keytab as input.
Prior to making this patch I would just export session keys from the client ccache using a little program I wrote to do that. But there are two situations motivating KRB5KEYLOGFILE for which that method doesn’t work:
1. Newer public-key based Kerberos extensions such as PKINIT and SPAKE produce session keys which never end up in the ccache or on the wire at all, and (deliberately) cannot be derived by a passive observer; and
2. A client may not have access to the session keys in its ccache, e.g. if it’s using gssproxy.
The patch is in a primitive state right now, just a hack I keep in an MIT Kerberos build I use for debugging, or for producing sample packet captures for study. I have thought about cleaning it up to contribute it, but first wanted to check whether you’d be interested in taking it at all.
Thanks,
Richard Silverman
I have a patch to libkrb5 which implements a feature similar to the SSLKEYLOGFILE environment variable that’s now in pretty wide use for TLS: it logs session keys to a keytab named by KRB5KEYLOGFILE. The main use for this, just as with the TLS version, is to decrypt packet captures with Wireshark; the latter’s KRB5 dissector takes a keytab as input.
Prior to making this patch I would just export session keys from the client ccache using a little program I wrote to do that. But there are two situations motivating KRB5KEYLOGFILE for which that method doesn’t work:
1. Newer public-key based Kerberos extensions such as PKINIT and SPAKE produce session keys which never end up in the ccache or on the wire at all, and (deliberately) cannot be derived by a passive observer; and
2. A client may not have access to the session keys in its ccache, e.g. if it’s using gssproxy.
The patch is in a primitive state right now, just a hack I keep in an MIT Kerberos build I use for debugging, or for producing sample packet captures for study. I have thought about cleaning it up to contribute it, but first wanted to check whether you’d be interested in taking it at all.
Thanks,
Richard Silverman