
Ok, so I realize that my title is very vague. Let me elaborate. This is my situation:

I'm in a testing environment, so I know all of the variables (WPA2 network password/PSK key). I performed a wireless network capture with Wireshark on a WPA2 encrypted network while my adapter was in monitor mode, so the wireless driver didn't automatically decrypt any of the data it passed to Wireshark, thus all I saw was packets labeled with the "802.11" protocol. I sent out a few de-authentication packets to capture all nearby devices' WPA2-PSK temporary session keys. I then went to Wireshark's Edit>Preferences>Protocols>IEEE 802.11 and enabled key decryption, entering my network's WPA-PSK, and after tinkering with some pesky FCS and protection bit settings, was able to successfully decrypt data in real time. So I started up my phone and went to a website without SSL that had image data, and saw the data go through Wireshark. So I was able to successfully capture that data. I saved it into a pcap file so it could be easily read by external programs (the one I had in mind was driftnet).

However, when I went to driftnet, it didn't see any of the images I expected it to. Odd. So I went back over to Wireshark and opened the pcap, tinkered with the settings, then realized that it saved the raw version, not the version with the decrypted WPA2 data. Well bullocks.

In my current situation, is there any software package I can use to decrypt the pcap file (NOT just for a Wireshark viewing session, but actually change the packets in the file)? Does Wireshark offer it indigenously?

TL;DR: I know the PSK of a WPA2 network and have a pcap of some images sent through it. Can I run the pcap file through a decrypter so I can see the images in driftnet?

1 Answer


To my knowledge, it is not possible for Wireshark to export the decrypted packets. That said, you ought to be able to export at least some of the images directly from Wireshark using Wireshark's "File -> Export -> Objects" feature provided that those images are transported over one of the few protocols that Wireshark supports (Wireshark 1.12.13 supports only HTTP, DICOM and SMB/SMB2, but newer versions may support additional protocols.)

Refer to section 5.7.8 of the Wireshark User Guide for more information on exporting objects.

There may be other tools better suited for this than Wireshark or driftnet. Have a look at the tools list on Wireshark's Tools wiki page for a few possibilities.
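As an added illustration, not part of the original question or answer: this is the IEEE 802.11i key derivation that Wireshark performs at display time from the configured PSK and the captured 4-way handshake. The keys are never written back into the file, which is why the saved pcap still contains the CCMP-encrypted frames. The PMK test vector (passphrase "password", SSID "IEEE") is the standard's own; the MAC addresses and nonces below are constructed placeholders.

```python
import hashlib
import hmac


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 32 bytes)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def wpa2_ptk(pmk: bytes, ap_mac: bytes, sta_mac: bytes, anonce: bytes, snonce: bytes) -> bytes:
    """PRF-384 (802.11i): PTK = PRF(PMK, "Pairwise key expansion", MACs || nonces).

    The handshake supplies ANonce (message 1) and SNonce (message 2); without
    both, the PMK alone cannot decrypt any data frame.
    """
    label = b"Pairwise key expansion"
    data = (min(ap_mac, sta_mac) + max(ap_mac, sta_mac)
            + min(anonce, snonce) + max(anonce, snonce))
    out = b""
    for i in range(3):  # 3 x 160 bits covers the 384 bits needed
        out += hmac.new(pmk, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
    return out[:48]


def split_ptk(ptk: bytes) -> dict:
    """KCK (MIC key), KEK (GTK wrapping), TK (the CCMP key for data frames)."""
    return {"kck": ptk[:16], "kek": ptk[16:32], "tk": ptk[32:48]}


def demo_session_keys() -> dict:
    """Derive per-station keys from constructed handshake values (placeholders)."""
    pmk = wpa2_pmk("password", "IEEE")
    ap_mac = bytes.fromhex("020000000001")   # constructed
    sta_mac = bytes.fromhex("020000000002")  # constructed
    anonce = bytes(range(32))                # constructed
    snonce = bytes(range(32, 64))            # constructed
    return split_ptk(wpa2_ptk(pmk, ap_mac, sta_mac, anonce, snonce))


if __name__ == "__main__":
    print("PMK:", wpa2_pmk("password", "IEEE").hex())
    for name, key in demo_session_keys().items():
        print(f"{name}: {key.hex()}")
```

The TK is what actually decrypts CCMP data frames, and it differs for every station and every (re)association, which is why the handshake for each device must be present in the capture.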

