Security keys used during the data capture process are kept in the data capture file itself (.anl extension) and also added to the Keys Management list of the analyzer software.
When reading a previously captured .anl file with the ‘Try All File Keys’ checkbox in the Keys Management form un-checked, the security keys included in the .anl file will be updated according to the Keys Management form: keys that are included in the capture file but are not used to decipher encrypted data in it will be removed from the file, and keys that appear in the Keys Management form, are not included in the .anl file, but can be successfully used to decipher encrypted data in it will be added to the file for future use.
This is why changing a key’s ‘Default Security Level:’ parameter to ‘0 (no Encryption, no Authentication)’ and then loading a data capture file (or performing a real-time data capture process) can result in a confusing situation: in such a case even encrypted or authenticated packets may be analyzed as if they were not encrypted or authenticated at all, and the packets’ fields and blocks might be wrongly dissected and represented in the analyzer views.
For this reason, IT IS STRONGLY RECOMMENDED NOT TO SET THE ‘Default Security Level’ TO LEVEL ‘0 (no Encryption, no Authentication)’.
If a key’s ‘Default Security Level:’ parameter has been set to ‘0 (no Encryption, no Authentication)’, the ‘Try All File Keys’ checkbox in the Keys Management form was un-checked, and a data capture file was then loaded (so that this key is now included in the capture file’s security keys list), the following process should be followed to remove the key from the data capture (.anl) file and from the analyzer’s Keys Management list:
1 – Open the Perytons Protocol Analyzer and make sure that no data capture file or workspace is loaded.
2 – Open the Keys Management list and clear the ‘Try All File Keys’ checkbox.
3 – If the Keys Management form does not include keys (from previous captures or fed manually) that you would like to keep for future use, select all the keys in the list and click ‘Delete’ (all the keys will be deleted and the list emptied), then close the Keys Management form.
Click ‘OK’.
Go to step number 5.
4 – If the Keys Management form includes keys (from previous captures or fed manually) that you would like to keep in your Keys Management environment for your own use (e.g. future captures, etc.), you can find and delete only the key(s) with the ‘0 (no Encryption, no Authentication)’ Security Level setting (the level of a selected key is shown in the Key Editing form that appears when clicking ‘Modify’).
Click ‘OK’.
5 – Load the capture .anl file (‘New’) that was analyzed when the security key’s Security Level parameter was changed to ‘0 (no Encryption, no Authentication)’, so that the key can be removed from it (this data capture .anl file contains, or may contain, the key with the Security Level parameter set to ‘0 (no Encryption, no Authentication)’). After the file is loaded, the keys included in it will also be loaded into the analyzer’s ‘Keys Management’ list.
Find and delete the key with the ‘0 (no Encryption, no Authentication)’ Security Level setting (the level of a selected key is shown in the Key Editing form that appears when clicking ‘Modify’).
6 – The data capture (.anl) file will be updated with the remaining keys on the ‘Keys Management’ list.
If appropriate (recommended), re-select the ‘Try All Known Keys’ and ‘Try All File Keys’ selection blocks and click ‘OK’.
The data capture (.anl) file and the Keys Management list of the analyzer no longer include keys with the ‘0 (no Encryption, no Authentication)’ Security Level setting.