Forum Discussion
Harold_Deadman_
Nimbostratus
NimbostratusAES decryption returning empty string
I am working on encrypting some cookies but I must be doing something wrong because I get empty strings when I decrypt the cookie. I have made the following example to demonstrate what I am seeing. Does anyone see what I am doing wrong? This is on 9.4. Thanks.
when RULE_INIT {
set ::key [AES::key 256]
set stringtoencrypt "Testing encryption"
set encrypted [b64encode [AES::encrypt $::key $stringtoencrypt]]
log local0. "Encrypted and encoded $encrypted"
set decrypted [AES::decrypt $::key [b64decode $encrypted]]
log local0. "Decrypted and decoded $decrypted"
}
From the local logfile, note the decrypted value is empty:
Fri Apr 13 19:43:24 BST 2007 tmm tmm[1579] Rule : Decrypted and decoded
Fri Apr 13 19:43:24 BST 2007 tmm tmm[1579] Rule : Encrypted and encoded Ppoyd/a17LTVDQgmjJ39rXstNUNCLmJpDJvOlymi0allgb/MviS9JloTerv/ZrlefNnosSpI=
18 Replies
Mark_CuroleThis problem appears to be in 9.3 as well. Any eta on a patch?- Scott_Larsonyes. the eta is hotfix 9.4.1 which I think is available now.
- I've already contacted Support to find out if a hotfix is avail for 9.3, haven't heard back yet.
9.4.1 is a sub-release of 9.4.0, and we are currently offering hotfix6 for 9.4, so this fix may be included in 9.4.1 (no hotfix) only, or also in 9.4.0 (hotfix??), so I've also asked for clarification on what versions/hotfixes contain the fix for the 9.4 branch.
Will post back once I hear the official word. If you're desperate to find out before I post back, you might get a quicker answer if you were to ask Support directly.
/deb 
Eirik_GjestelanCan anybody confirm that this problem exists on 9.3 as well? We migrated from 9.1.1 to 9.3 and started getting empty strings when decrypting a base64 decoded string. If so, any word on the 9.3 fix?
hoolioCirrostratus
Hi,
The CR info is:
AES::decrypt and TCP base64-decoded data (CR79907)
The AES::decrypt method does not work with certain types of TCP base64-decoded data. The iRule actually returns a blank string instead of the correct data.
You could contact support to get confirmation on whether the bug exists in 9.3 and whether there is a hotfix for that version.
Aaron- Mark_CuroleThe bug definitely exists in 9.3, and I have not been able to get anything from support on a hotfix for this. This is very disappointing because 9.3 is supposed to be the maintainance release tree and this is a major bug.
kendalladkins_5I am currently running BIG-IP 9.4.1 Build 29.0 and I still see the problem discussed in this thread. Has anyone confirmed that this problem was resolved in 9.4.1?- In fact, this is not resolved in 9.4.1. CR79907 is resolved in 9.4.2, as well as v9.3.1 and v9.3.0 HF3.
