cryptography and irules

Hi Rabbit,

I'd use the AES iRule commands. https://devcentral.f5.com/wiki/iRules.AES.ashx

Hi Rabbit - you do need to use the CRYPTO commands to do this. The AES commands were more or less superceded by CRYPTO, and the CRYPTO commands are the only ones that let you encrypt/decrypt data from a non-F5 device.

Thanks - I am able to successfully encrpyt and decrpyt string in a C visual studio project and the same in TCL F5. Just not able to decrypt outside their own environments.

I will keep at it, the C methods use AesCryptoServiceProvider(), probably just the way TCL/C methods encode the keys to bytes. The irule:

set foo "plaintextstring"
set key "abed1ddc04fbb05856bca4a0ca60f21e" 
set iv "20140204c1231060"
set enc_msisdn [CRYPTO::encrypt -alg aes-128-cbc -keyhex $key -ivhex $iv $foo]
set dec_msisdn [CRYPTO::decrypt -alg aes-128-cbc -keyhex $key -ivhex $iv $enc_msisdn]

log local0. "CRYPTO::encrypted: [b64encode $enc_msisdn]"
log local0. "CRYPTO decrypted: $dec_msisdn"
   

I found someone with a similar issue and it could just be what I'm experiencing. I am not sure, however, if CRYPTO is TCL or C based.

http://stackoverflow.com/questions/21558252/tcl-aes-c-sharp-aes-tcl-encrypted-text-is-ascii

If anyone knows of any documentation around how CRYPTO works in the back end it would be very helpful.