Decrypt AES Cookie outside of the load balancer
Whenever we see issues with a particular application server, our QA team decodes the F5 cookie to isolate the problematic server. However, after we implemented the encryption of the F5 cookies, they are no longer able to do so.
The obvious solution is to create an iRule that isolates our corporate IP segment on the LTM and decrypt the cookies. However, we would prefer to leave all cookies encrypted in our corporate environment and provide our QA folks with a utility they can use to decrypt the cookies.
Provided that I know the cookie secret, how can I mimic the 'decrypt' command outside of the load balancer? I have looked at various AES decryption tools but am unable to decrypt the cookies manually. If there's a resource that points to the exact specs the LTM uses to encrypt or covers API calls for this purpose, please let me know.
Any help would be appreciated, thanks!