Reputation: 55

How do I get master key in ssl session in java?

I have a sslscoket as server in my application and I am running java 1.6. I need the master secret key used during handshake to implement the MS-CHAP challenge response and so on. I have read that "The value of this master secret is known only to the underlying secure socket implementation and is not exposed through the SSLSession API"

How can I get the value of the master secret?

Thanks

Upvotes: 2

Answers (3)

user207421

Reputation: 311023

It isn't available via the API. As your quotation says.

NB The master secret is not a key.

Upvotes: -1

ruanhao

Reputation: 4922

Enumeration<byte[]> e = sslContext.sessionContext().getIds();
    while ( e.hasMoreElements() ) {
        byte[] b = e.nextElement();
        System.out.println("session id: " + DatatypeConverter.printHexBinary(b).toLowerCase());
        SSLSession session = sslContext.sessionContext().getSession(b);
        Class<?> c = Class.forName("sun.security.ssl.SSLSessionImpl");
        Field masterSecretField = c.getDeclaredField("masterSecret");
        masterSecretField.setAccessible(true);
        SecretKey k = (SecretKey)masterSecretField.get(session);
        System.out.println("secret: " + DatatypeConverter.printHexBinary(k.getEncoded()).toLowerCase());

    }

Upvotes: 2

Jaime

Reputation: 55

After a while I have managed to get the master secret used in the TLS hanshake. It is possible to get it using reflection and SSLSessionImpl.class

Upvotes: 0

How do I get master key in ssl session in java?

Answers (3)

Related Questions