Is it possible to decrypt my XMPP server traffic using private key?

Question

I can provide more detail if necessary, but my question is basically thus:

If I'm running an openfire server that encrypts traffic using an RSA pub/priv key combo that I created (and have), is there a way (preferably in Java) to sniff packets off the wire and then decrypt them using my private key? Currently I can encrypt/decrypt a string using the following:

public class TLSDecryptTest {

Cipher Ecipher;
Cipher Dcipher;

public TLSDecryptTest(String pubpath, String privpath){
    byte[] publicKeyContentsAsByteArray;
    RSAPublicKey pubKey;
    try {
    this.Ecipher = Cipher.getInstance("RSA");
    String path1 = new String("C:\\Users\\peter.marino\\Desktop\\javapub.key");
    File pubFile = new File(path1);
    publicKeyContentsAsByteArray = new byte[(int)pubFile.length()];

        BufferedInputStream bis = new BufferedInputStream(new FileInputStream(pubFile));
        publicKeyContentsAsByteArray = new byte[(int)pubFile.length()];
        bis.read(publicKeyContentsAsByteArray);
        bis.close();

        CertificateFactory certificateFactory = CertificateFactory.getInstance("X509");
        Certificate certificate = certificateFactory.generateCertificate(new ByteArrayInputStream(publicKeyContentsAsByteArray));
       pubKey = (RSAPublicKey) certificate.getPublicKey();
       this.Ecipher.init(Cipher.ENCRYPT_MODE, pubKey);
    } catch(Exception e) {
        System.out.println("Exception" + e);
    }

    try {
    this.Dcipher = Cipher.getInstance("RSA");
    String path2 = new String("C:\\Users\\peter.marino\\Desktop\\java.key");
    File privFile = new File(path2);
    byte[] privateKeyContentsAsByteArray = new byte[(int)privFile.length()];

        BufferedInputStream bis = new BufferedInputStream(new FileInputStream(privFile));
        privateKeyContentsAsByteArray = new byte[(int)privFile.length()];
        bis.read(privateKeyContentsAsByteArray);
        bis.close();

        KeyFactory keyFactory = KeyFactory.getInstance("RSA");

        KeySpec ks = new PKCS8EncodedKeySpec(privateKeyContentsAsByteArray);
        RSAPrivateKey privKey = (RSAPrivateKey) keyFactory.generatePrivate(ks);
        System.out.println("PRIVATE KEY:::: " + new String(privKey.getEncoded()).equals(new String(privateKeyContentsAsByteArray)));
        this.Dcipher.init(Cipher.DECRYPT_MODE, privKey);
    } catch(Exception e) {
        System.out.println("Exception" + e);
    }

}

 public byte[] en(byte[] decryptedMessage) throws Exception {
     byte[] encryptedMessage = this.Ecipher.doFinal(decryptedMessage);
     //byte[] encryptedMessage = this.Ecipher.doFinal(decryptedMessage);
     return (encryptedMessage);

 }


 public byte[] de(byte[] encryptedMessage) throws Exception {
     byte[] decryptedMessage = this.Dcipher.doFinal(encryptedMessage);
     return (decryptedMessage);

 }

public static void main(String args[]) throws Exception{
    TLSDecryptTest t = new TLSDecryptTest(null,null);
    String s = ("Testing decryption.1Testing decryption.2Testing decryption.3Testing decryption.4");
    System.out.println("S: " + s);
    byte[] todo = s.getBytes();
    byte[] e = t.en(todo);
    String es = new String(e);
    System.out.println("E: " + es);
    byte[] d = t.de(e);
    String ds = new String(d);
    System.out.println("D: " + ds);
}

}

which works fine. However, if I sniff a few packets off the wire and then try to decrypt it, I get errors. I even tried only decrypting the first 256 bytes of it, seeing as that's the limitation of my RSA key, but it still throws errors. Most notably, a BadPaddingException at the doFinal() line.

Any ideas?

Thanks in advance.

Answer 1

If you are talking about SSL-protected session, then man-in-the-middle attack is possible if you have a legitimate server's private key (and can obtain the certificate which is public anyway). For practical purpose you should be able to use Wireshark to spy on your traffic.

But you can't decrypt the traffic as is. Partially because it's not encrypted using public key cryptography - data is encrypted using symmetric key generated per session.

Answer 2

Wireshark will allow you to decrypt if you have the server's private key. Docs are here .

First, go to Edit/Preferences/Protocols/SSL, click the Edit button next to RSA Keys:

Next, click New. Fill out the form with information that describes when the key should be used. This should be the IP address and port of the server :

Your key file may or may not require a passphrase. Hit OK three times. Capture as usual.

Answer 3

No. With public key encryption, you can only ever decrypt with the opposite key. eg

encrypted with private key => decrypt with public key
encryptd with public key => decrypt with private key

consider the chaos that would happen if

encrypted with public key => decrypt with public key

were possible - since the public key is floating around "in the open" for everyone to see, you'd essentially be giftwrapping your data in saran wrap, because everyone would have the key to decrypt it already. This would completely torpedo the entire SSL security model.