Forum Discussion

Nacreous

Sep 03, 2010

AES::encrypt - can decrypt function be carried out elsewhere?

If the F5 has used AES ecryption to encrypt a string via AES::encrypt, can the key be exported and used on another downstream device to decrypt? This downstream device could be a) another...

Nimbostratus

Sep 07, 2010

As Hamish said, this is possible, as long as you use a hardcoded key. Do not use [AES::key] command, as this generates a random key and the same key must be used to encrypt or decrypt. This is due to AES being a symmetric key encryption algorithm, meaning both sides need to use a shared key.

DeVon

patonbike
Cirrus
Sep 17, 2020
Does anyone know the syntax to decrypt data on say, a linux machine with openssl command? I am trying to do this as a proof of concept. Obviously we are using a pre shared key.
What cipher is it?
This does NOT work:

openssl aes-256-ecb -d -K MY_AES_256_KEY_HERE base64 -in MY_F5_Base64_encoded_aes256_string_here.txt -debug

Forum Discussion

AES::encrypt - can decrypt function be carried out elsewhere?

Recent Discussions

Wildcard SSL Certificate Deployment on F5 LTM

Migration from i series 10200 with 1 child VCMP to r series 10900 series

Open Redirection Mitigation

GTM Packet Capture command

How to Implement 2 Way SSL in F5 LTM

Related Content

AES Encryption via iRules

F5 Cloud-Native Functions For Secure DNS

F5 Cloud-Native Functions For Secure Ingress

F5 Cloud-Native Functions For Modern Demands - Part 1

F5 Cloud-Native Functions For Modern Demands - Part 2