RSA key management was added in release 1.7.
CloudShark allows users to decrypt SSL traffic within a capture file. RSA keys must be added and managed by an Admin user, and can be shared with other users or groups on a per key basis.
Admin users can manage RSA keys by visiting the RSA Keys page within the Administration menu. This page displays all of the active RSA keys on the system, and allows Admin users to add, delete, and edit RSA keys.
Any RSA keys can be added to CloudShark in unencrypted PEM format or encrypted PKCS#12 format. To add a new RSA key, click the Add RSA Key and click the Keyfile button to select a key to upload. Select the Format of the key and if you are uploading a PKCS#12 format key enter the encryption password. They key must be a given a name and optionally a description. In addition, the key must be made accessible to a single user or to a group.
When using PKCS#12 format the key is stored encrypted on disk and is only decrypted in memory when the key is used.
Once an RSA key has been added, it will be available to those users that have access either by belonging to a group or by themselves owning the key. Read more about how to Decrypt Traffic with CloudShark.
CloudShark provides a central repository for RSA keys for the exclusive purpose of viewing encrypted capture data. RSA Keys may not be downloaded through CloudShark once they have been added. Admin users can choose to make RSA keys accessible for decryption to individual users or groups, and can also allow guests to view decrypted SSL traffic using specific keys, if guest access is enabled on the system. An RSA key can only be used for SSL decryption by the users and groups that have been explicitly granted access to that key by an Admin user.
This first of it’s kind system allows Admin users to allow other users or groups to view decrypted traffic without having to provide the RSA key(s) to the end users, where they may be significantly less secure.