Thanks, this is very useful functionality! A couple comments below. kernel patch: + cifs_dbg(VFS, "ioctl dumpkey\n"); /* BB REMOVEME */ please remove this or change to FYI. user space patch: + if (keys_info.cipher_type == 1) + printf("CCM encryption"); + else if (keys_info.cipher_type == 2) + printf("GCM encryption"); + else if (keys_info.cipher_type == 0) + printf("SMB3.0 encryption"); ^^^ SMB3.0 encryption is CCM, so, let's not confuse users and print "CCM encryption" for both cipher_type values of 0 and 1. Best regards, Pavel Shilovskiy пт, 20 сент. 2019 г. в 00:20, Steve French via samba-technical <samba-technical@xxxxxxxxxxxxxxx>: > > And updated patch for cifs-utils ("smbinfo keys <filename>") > > > On Fri, Sep 20, 2019 at 2:07 AM Steve French <smfrench@xxxxxxxxx> wrote: > > > > kernel patch updated to check if encryption is enabled > > > > In order to debug certain problems it is important to be able > > to decrypt network traces (e.g. wireshark) but to do this we > > need to be able to dump out the encryption/decryption keys. > > Dumping them to an ioctl is safer than dumping then to dmesg, > > (and better than showing all keys in a pseudofile). > > > > Restrict this to root (CAP_SYS_ADMIN), and only for a mount > > that this admin has access to. > > > > Sample smbinfo output: > > SMB3.0 encryption > > Session Id: 0x82d2ec52 > > Session Key: a5 6d 81 d0 e c1 ca e1 d8 13 aa 20 e8 f2 cc 71 > > Server Encryption Key: 1a c3 be ba 3d fc dc 3c e bc 93 9e 50 9e 19 c1 > > Server Decryption Key: e0 d4 d9 43 1b a2 1b e3 d8 76 77 49 56 f7 20 88 > > > > > > -- > > Thanks, > > > > Steve > > > > -- > Thanks, > > Steve