Forum Discussion
NimbostratusHow cookie is encrypted in persistance profile ?
Hi all,
i'm wondering how to decode in iRule the cookie encrypted in persistence profile ?
Till now i have tried:
b64decode [AES::decrypt $::key $cookie] or [AES::decrypt $::key [b64decode $cookie]
HTTP::cookie decrypt $cookie $::key "192"
No success :( The key is the same in iRule and in persistence profile.
Any hints ?
9 Replies
It's not encrypted like that, a little math will do the trick..
Read this
https://support.f5.com/kb/en-us/solutions/public/6000/900/sol6917.html?sr=42074214
Then tinker with this
https://devcentral.f5.com/wiki/iRules.Persistence_Cookie_Logger.ashx
Darek_H_152835I think you don't understand correctly my problem. I know how F5 is encoding the IP:port (with and without partitions) that's why i would like to encrypt it (because it's widely known and everyone can decode the IP:port from this cookie). The problem is i can't decode the encrypted cookie in iRule with passpharase that is the same as in the Cookie Persistence Profile. Hope you understand
Brad_ParkerCirrus
We use this in a couple iRules
set decryptedCookie [HTTP::cookie decrypt $cookieName $passPhrase "192"]- Darek_H_152835
This is how i have understand it from the F5 doc's, but for me the decrypted value is empty, means the decryption was not ok...
That is the second example from my post.
As i understood from your post - this is working for you. Which version of F5 are you running (my is 11.5.0 HF4) ?
- Brad_ParkerWe are running 11.5.1HF5
- Brad_ParkerAre you using an AES::key for the actual pass-phrase you used in the persistence profile? Also, AES::decrypt will not work with a pass-phrase because of bug 224113 according to the DevCentral Wiki.
gsharriAltostratus
I am using the same syntax in Brad's example to decrypt cookies that have been encrypted by a cookie-insert persistence profile. v11.5.0
@Derek - Ah sorry about that ;)- yeah HTTP::cookie decrypt is working for us in 11.5 - but on a newer hotfix. We're using a similar syntax to Brads example - Maybe post the complete rule?
- Darek_H_152835
@iRuleYou - below is:
1 - the persistence cookie definition:
ltm persistence cookie persist_Test { app-service none cookie-encryption required cookie-encryption-passphrase $M$jb$wzkKy+0kkZgRly/uKWOlcQ== cookie-name Test defaults-from /Common/cookie timeout 180 }2 - iRule i'm using for testing:
when CLIENT_ACCEPTED { set encryption_passphrase "7618" set cookiename "Test" } when HTTP_REQUEST { if {[HTTP::cookie exists $cookiename] } { set encrypted [HTTP::cookie $cookiename] set decrypted [HTTP::cookie decrypt $cookiename $encryption_passphrase "192"] if { ($decrypted eq "") } { log local0. "Cookie NOT DECRYPTED Properly !!!!" } log local0. "Cookie: Encrypted -> $encrypted, Decrypted -> $decrypted" } } when HTTP_RESPONSE { set $pcookie "123456" HTTP::cookie insert name $cookiename value $pcookie path "/" HTTP::cookie encrypt $cookiename $encryption_passphrase "192" }Right now i can decode the cookie properly, but when i'm encrypting my cookie from iRule then i can't decrypt it properly.
Thanks for any hints on it.
