Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

IheartF5_45022's avatar
IheartF5_45022
Icon for Nacreous rankNacreous
Sep 02, 2010

AES::encrypt - can decrypt function be carried out elsewhere?

If the F5 has used AES ecryption to encrypt a string via AES::encrypt, can the key be exported and used on another downstream device to decrypt? This downstream device could be     a) another...
application delivery
dev
devops
irules
DeVon_Jarvis's avatar
DeVon_Jarvis
Icon for Altostratus rankAltostratus
Sep 07, 2010
As Hamish said, this is possible, as long as you use a hardcoded key. Do not use [AES::key] command, as this generates a random key and the same key must be used to encrypt or decrypt. This is due to AES being a symmetric key encryption algorithm, meaning both sides need to use a shared key.

 

 

DeVon

 

patonbike's avatar
patonbike
Icon for Cirrus rankCirrus
Sep 17, 2020

Does anyone know the syntax to decrypt data on say, a linux machine with openssl command? I am trying to do this as a proof of concept. Obviously we are using a pre shared key.

What cipher is it?

This does NOT work:

 

openssl aes-256-ecb -d -K MY_AES_256_KEY_HERE base64 -in MY_F5_Base64_encoded_aes256_string_here.txt -debug