Dumping key to file
Matt Caswell
matt at openssl.org
Wed Mar 10 14:28:51 UTC 2021
On 10/03/2021 13:35, Jeremy Harris wrote:
> On 10/03/2021 13:14, Harish Kulkarni wrote:
>> My application is built along with openssl library source code. We
>> want to
>> dump keys to a file for decrypting TLS flows from network captures. Is
>> there any flag or environment variable which we can set during building
>> application or while running application?
>
> Env var SSLKEYLOGFILE
That is not an OpenSSL environment variable (I think that's an NSS thing).
In order to log keys you need to set the key logging callback via
SSL_CTX_set_keylog_callback.
The callback needs to look like this:
typedef void (*SSL_CTX_keylog_cb_func)(const SSL *ssl, const char *line);
It should write the data provided in "line" to wherever you want to
store the key data.
See:
https://www.openssl.org/docs/man1.1.1/man3/SSL_CTX_set_keylog_callback.html
If you are using the OpenSSL command line then you can use the
"-keylogfile" option to s_client or s_server to specify the filename for
where you want keys logged.
Matt
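An added example of the callback Matt describes, written for this thread and not taken from the post or from OpenSSL's own sources: it appends each line OpenSSL hands it to a file, which is what s_client's -keylogfile does internally. The output path, the WITH_OPENSSL macro, the keylog_* helper names and the sample record are assumptions of this example; the only OpenSSL API it relies on is SSL_CTX_set_keylog_callback from the man page linked above, and that registration is compiled in only when WITH_OPENSSL is defined so the file-writing part can be built and checked without the library.

```c
/* Added example, not from the mailing-list post: a key-logging callback for
 * SSL_CTX_set_keylog_callback that appends every line OpenSSL reports to a
 * file in the NSS key log format that Wireshark reads.  The OpenSSL-specific
 * registration is compiled only with -DWITH_OPENSSL (link -lssl -lcrypto),
 * so the file-writing logic can be built and checked on its own. */
#include <stdio.h>
#include <string.h>

/* OpenSSL's ssl.h declares `typedef struct ssl_st SSL;`; forward-declaring the
 * struct keeps the callback's signature compatible without the headers. */
struct ssl_st;

static FILE *keylog_fp;          /* destination chosen by the application */

/* Open (or create) the key log.  Append mode lets several sessions share it. */
int keylog_open(const char *path)
{
    if (keylog_fp != NULL)
        return 1;                 /* already open */
    keylog_fp = fopen(path, "a");
    return keylog_fp != NULL;
}

/* Matches SSL_CTX_keylog_cb_func: called once per line of key material.
 * `line` arrives NUL-terminated and without a trailing newline, so one is
 * added here; `ssl` is unused, though an application could use it to tag
 * lines with the connection they belong to. */
void keylog_cb(const struct ssl_st *ssl, const char *line)
{
    (void)ssl;
    if (keylog_fp == NULL || line == NULL || line[0] == '\0')
        return;
    fputs(line, keylog_fp);
    fputc('\n', keylog_fp);
    fflush(keylog_fp);            /* flush so a live capture can be decrypted as the app runs */
}

void keylog_close(void)
{
    if (keylog_fp != NULL) {
        fclose(keylog_fp);
        keylog_fp = NULL;
    }
}

/* Count records in a key log; returns -1 if the file cannot be opened. */
int keylog_count_lines(const char *path)
{
    FILE *fp = fopen(path, "r");
    int n = 0, c;
    if (fp == NULL)
        return -1;
    while ((c = fgetc(fp)) != EOF)
        if (c == '\n')
            n++;
    fclose(fp);
    return n;
}

#ifdef WITH_OPENSSL
#include <openssl/ssl.h>
/* Registration: every SSL object created from ctx afterwards calls keylog_cb. */
void keylog_install(SSL_CTX *ctx)
{
    SSL_CTX_set_keylog_callback(ctx, keylog_cb);
}
#endif

int main(void)
{
    const char *path = "keylog-example.txt";      /* assumed output path */
    char rand_hex[65], secret_hex[97], line[200];

    /* Constructed sample record (CLIENT_RANDOM <64 hex> <96 hex>): the hex
     * values are placeholders, not real key material. */
    memset(rand_hex, '0', 64);   rand_hex[64] = '\0';
    memset(secret_hex, '1', 96); secret_hex[96] = '\0';
    snprintf(line, sizeof line, "CLIENT_RANDOM %s %s", rand_hex, secret_hex);

    if (!keylog_open(path))
        return 1;
    keylog_cb(NULL, line);        /* in a real program OpenSSL makes this call */
    keylog_close();
    printf("%d record(s) in %s\n", keylog_count_lines(path), path);
    return 0;
}
```

Build with plain `cc` to exercise the file handling, or with `-DWITH_OPENSSL -lssl -lcrypto` and call keylog_install(ctx) right after SSL_CTX_new() so every connection made from that context is logged. The fflush after each line is deliberate: the point of a key log is usually to decrypt a capture while the application is still running, and a buffered write would hold back the secrets until the file is closed.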