[strongSwan] How to get encryption key for ISAKMP phase ?

Andreas Steffen andreas.steffen at strongswan.org
Wed Aug 8 07:58:45 CEST 2012

Hello Chetan,

the debug output line in ipsec_doi.c is:

    DBG_dump_chunk("enc key:", st->st_enc_key);

Thus grepping for "enc key:" should work. See also the
following example scenario  where --debug-crypt is enabled:




On 08.08.2012 04:59, Chetan Sharma wrote:
> Hi Guys,
> I can easily decrypt ESP packets but I also wanted to decrypt ISAKMP
> phase 1 encrypted packets. I asked the same question on Wireshark forum
> and got a really nice response
> here:http://ask.wireshark.org/questions/12019/how-can-i-decrypt-ikev1-packets
> The problem is I cannot seem to find the encryption key for phase 1. I
> was asked to do this:
> Look for *ICOOKIE* and *enc key* in the Pluto debug log.
> gw205:/# ps auxww | grep pluto
> root     24522  0.0  0.3  12572  3488 ?        Ss   15:46   0:00 /usr/libexec/ipsec/pluto --nofork --debug-raw *--debug-crypt* --debug-parsing --debug-emitting --debug-control --nocrsend --nat_traversal --keep_alive 60
> I cannot find enc key in the /var/log/messages file, any idea where I can find this ? The enc key is needed for the decryption of ISAKMP packets in WireShark
> Also this is a lab test :)
> Thanks
> Chetan
Andreas Steffen                         andreas.steffen at strongswan.org
strongSwan - the Linux VPN Solution!                www.strongswan.org
Institute for Internet Technologies and Applications
University of Applied Sciences Rapperswil
CH-8640 Rapperswil (Switzerland)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4502 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120808/8a741ae0/attachment.bin>

More information about the Users mailing list