Forum Discussion
Kevin_Stewart
Employee
EmployeeAES functions
Hello Devcentral gurus,
Does anyone know the specifics of the AES functions and how they work. Specifically, look at the following code snippet:
set testkey "test"
set testdat...
hooleylist
Cirrostratus
CirrostratusHi Kevin,
I'm not sure whether the encrypted string should always be the same if the source string is the same. I think the different outputs you're seeing could be tied to a salt or nonce, but I haven't delved into encryption enough to know.
Regardless of whether the encrypted value varies over time, I expect that every value would be decryptable using the key. Could you try decrypting the value on a subsequent request?
If I take the key you listed with the base64 encoded and encrypted strings you have, I get the correct decrypted values on a 9.4.3 unit:
when RULE_INIT {
set ::key [list AES 128 eaa18b3c04c914f9e2fb8a6c9e479f4f]
log local0. "list length of key: [llength $::key]"
log local0. "\$::key: $::key"
set ::b64_encoded_encrypted_string "TLkDvsXpttnYyJBMuQO+xem22djIkDLR5Xl32d9syl8l4t+LCI+WuG4VvVKQt/b4jSOtBA=="
log local0. "\$::b64_encoded_encrypted_string: $::b64_encoded_encrypted_string"
log local0. "Decrypted string: [AES::decrypt $::key [b64decode $::b64_encoded_encrypted_string]]"
set ::b64_encoded_encrypted_string "hhNtFA/zVoJhJz6GE20UD/NWgmEnPof2Nalx2gy6lrsFUxRsiR+bA/ivrV+zjwANgc8Hrw=="
log local0. "\$::b64_encoded_encrypted_string: $::b64_encoded_encrypted_string"
log local0. "Decrypted string: [AES::decrypt $::key [b64decode $::b64_encoded_encrypted_string]]"
set ::b64_encoded_encrypted_string "JzTGR0I2AL+G0dYnNMZHQjYAv4bR1mAUL1SMYguNEE29thMEzliMW74hgEFQ5iu5X9ctUw=="
log local0. "\$::b64_encoded_encrypted_string: $::b64_encoded_encrypted_string"
log local0. "Decrypted string: [AES::decrypt $::key [b64decode $::b64_encoded_encrypted_string]]"
}Output:
Rule : list length of key: 3
Rule : adh $::key: AES 128 eaa18b3c04c914f9e2fb8a6c9e479f4f
Rule : $::b64_encoded_encrypted_string: TLkDvsXpttnYyJBMuQO+xem22djIkDLR5Xl32d9syl8l4t+LCI+WuG4VvVKQt/b4jSOtBA==
Rule : Decrypted string: This is a test
Rule : $::b64_encoded_encrypted_string: hhNtFA/zVoJhJz6GE20UD/NWgmEnPof2Nalx2gy6lrsFUxRsiR+bA/ivrV+zjwANgc8Hrw==
Rule : Decrypted string: This is a test
Rule : $::b64_encoded_encrypted_string: JzTGR0I2AL+G0dYnNMZHQjYAv4bR1mAUL1SMYguNEE29thMEzliMW74hgEFQ5iu5X9ctUw==
Rule : Decrypted string: This is a testAlso, the HTTP::cookie encrypt/decrypt functions do encrypt the cookie value using a passphrase sent to the client to prevent it from being tampered with. Either method should work for the scenario you describe.
Aaron