
Rabbit23_116296
Feb 10, 2014

F5 CRYPTO methods

Does anyone have any usable code (any language) for the decryption of an F5/TCL encrypted string outside of TMM?

I can't find any documentation that covers how CRYPTO works. This is what I'm working with which is encrypting / decrypting but I cannot get this decrypted outside of the F5:

 

 


set foo "JP"
set key "355447422659484e37554a4d28494b3c" 
set iv "2151415a325753582345444334524656"
set enc_msisdn [CRYPTO::encrypt -alg aes-256-cbc -keyhex $key -ivhex $iv $foo]
set dec_msisdn [CRYPTO::decrypt -alg aes-256-cbc -keyhex $key -ivhex $iv $enc_msisdn]
log local0. "CRYPTO::encrypted: [b64encode $enc_msisdn]"
log local0. "CRYPTO decrypted: $dec_msisdn"

 

2 Replies

  • James_Deucker_2
    Historic F5 Account

    Here's how I did it with OpenSSL

     

    when RULE_INIT {
        # 128-bit AES key as 32 hex digits (static test key)
        set static::hexkey "01020304050607080900010203040506"

        log local0.info "====Rule_Init===="
        log local0.info "Key is $static::hexkey"
        log local0.info "================="
    }

    when HTTP_REQUEST {
        # in real use make a proper IV
        set iv [CRYPTO::keygen -alg random -len 128]
        # in testing it's easier to use a static one
        set iv "01020304050607080900010203040506"

        set text_to_encrypt "This is some text that james encoded"
        set text_to_decrypt [b64decode "DRNSZkFVs1f7VvzrSBqRW6/5OmfDCFyZIe/XllRien8="]

        # CRYPTO::encrypt returns raw bytes; encode them before logging
        set enc_out_no_binary [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::hexkey -ivhex $iv $text_to_encrypt]
        set dec_in [CRYPTO::decrypt -alg aes-128-cbc -keyhex $static::hexkey -ivhex $iv $text_to_decrypt]

        log local0.info "The decrypted NO binary $dec_in"
        log local0.info "The Encrypted NO binary Base64 is -[b64encode "$enc_out_no_binary"]-"
        binary scan $enc_out_no_binary H* enc_hex
        log local0.info "The Encrypted NO binary Hex is -$enc_hex-"

        log local0.info "This is the IV $iv"

        HTTP::respond 200 content "All is OK\r\n" connection close
    }
    

     

    And from a box with openssl installed:

     

    Apr  4 22:27:40 lab11-2 info tmm[12035]: Rule /Common/foo : ====Rule_Init====
    Apr  4 22:27:40 lab11-2 info tmm[12035]: Rule /Common/foo : Key is 01020304050607080900010203040506
    Apr  4 22:27:40 lab11-2 info tmm[12035]: Rule /Common/foo : =================
    Apr  4 22:27:46 lab11-2 info tmm[12035]: Rule /Common/foo : The decrypted NO binary This is the test string
    Apr  4 22:27:46 lab11-2 info tmm[12035]: Rule /Common/foo : The Encrypted NO binary Base64 is -7pBWsiQsifgaIECSBXhA5kqJQ1MO0VvqWznuJIzLrFukU0e/ki1Q0G/x9r6JdUNP-
    Apr  4 22:27:46 lab11-2 info tmm[12035]: Rule /Common/foo : The Encrypted NO binary Hex is -ee9056b2242c89f81a204092057840e64a8943530ed15bea5b39ee248ccbac5ba45347bf922d50d06ff1f6be8975434f-
    Apr  4 22:27:46 lab11-2 info tmm[12035]: Rule /Common/foo : This is the IV 01020304050607080900010203040506
    [root@lab11-2:Active:Standalone] ~  cat>test.b64
    7pBWsiQsifgaIECSBXhA5kqJQ1MO0VvqWznuJIzLrFukU0e/ki1Q0G/x9r6JdUNP
    [root@lab11-2:Active:Standalone] ~  base64 -d < test.b64 > test.enc
    base64: invalid input
    [root@lab11-2:Active:Standalone] ~  openssl aes-128-cbc -d -in test.enc -out test.txt -K "$key128" -iv "$iv"
    [root@lab11-2:Active:Standalone] ~  cat test.txt
    This is some text that james encoded[root@lab11-2:Active:Standalone] ~ 
    [root@lab11-2:Active:Standalone] ~  echo $iv
    01020304050607080900010203040506
    [root@lab11-2:Active:Standalone] ~  echo $key128
    01020304050607080900010203040506
    [root@lab11-2:Active:Standalone] ~ 
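
The OpenSSL steps from the reply above as reusable shell functions. This is an added example, not part of the original thread, and the function names are hypothetical. It also checks that the hex key length fits the chosen algorithm before calling openssl: aes-256-cbc needs 64 hex digits, while the key in the question is 32 digits long.

```shell
# Added example (not from the thread); function names are hypothetical.

# Hex digits of key material each AES-CBC variant requires.
key_hex_len() {
    case "$1" in
        aes-128-cbc) echo 32 ;;
        aes-192-cbc) echo 48 ;;
        aes-256-cbc) echo 64 ;;
        *) return 1 ;;
    esac
}

# is_hex VALUE DIGITS: true only for exactly DIGITS hex characters.
is_hex() {
    [ "${#1}" -eq "$2" ] || return 1
    case "$1" in *[!0-9A-Fa-f]*) return 1 ;; esac
    return 0
}

# check_params ALG KEYHEX IVHEX: reject a key or IV that does not fit ALG
# rather than passing a mismatched value on to openssl.
check_params() {
    want=$(key_hex_len "$1") || { echo "unsupported alg: $1" >&2; return 2; }
    is_hex "$2" "$want" || { echo "$1 needs a $want-digit hex key" >&2; return 3; }
    is_hex "$3" 32 || { echo "AES-CBC needs a 32-digit hex IV" >&2; return 3; }
}

# f5_cbc_decrypt ALG KEYHEX IVHEX BASE64: plaintext on stdout.
# -K/-iv pass the raw key and IV, so openssl does no passphrase
# derivation and expects no "Salted__" header; -A reads one-line base64.
f5_cbc_decrypt() {
    check_params "$1" "$2" "$3" || return
    printf '%s' "$4" | openssl base64 -d -A |
        openssl enc -d "-$1" -K "$2" -iv "$3"
}

# f5_cbc_encrypt ALG KEYHEX IVHEX TEXT: base64 ciphertext on stdout.
f5_cbc_encrypt() {
    check_params "$1" "$2" "$3" || return
    printf '%s' "$4" | openssl enc -e "-$1" -K "$2" -iv "$3" |
        openssl base64 -A
}

# Key, IV and base64 ciphertext as logged in the reply above.
f5_cbc_decrypt aes-128-cbc 01020304050607080900010203040506 \
    01020304050607080900010203040506 \
    '7pBWsiQsifgaIECSBXhA5kqJQ1MO0VvqWznuJIzLrFukU0e/ki1Q0G/x9r6JdUNP' && echo
```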
    

     

  • Thanks, I'll keep testing.

     

    My question has been posted here too and if you / anyone could glance over it I would be very grateful: [https://stackoverflow.com/questions/21701584/aes-encryption-between-c-sharp-and-f5-load-balancer-tcl]