iRule Cryptographic commands

Question

Forgive me if someone has already addressed this in a previous post... 
&nbsp;  
&nbsp; Could someone please point me to some documentation listing out the cryptographic commands available within iRules?  Or e-mail the list to me if the list is too long.  ("chad" at "iship" dot "com")  I have not found the documentation for some of the commands referenced here in iRules.  (e.g. AES commands) 
&nbsp; BTW - The examples in this forum are invaluable.  Nice work and Thank You!  I hope more examples are included in the formal documentation in the future. 
&nbsp;  
&nbsp; Thank you in advance. 
&nbsp;  
&nbsp; -Chad

bl0ndie_127134 · Answer

Chad, here is a brief description of the available rules.   
      
   AES::key [“128” | “192” | “256”] - Create an AES key to encrypt/decrypt  
   data. We default to 128 bit key if the key length is not specified.   
      
   AES::encrypt   - Encrypt the data using   
   the previously created AES key.   
      
   AES::decrypt   - Decrypt the data using   
   the previously created AES key.   
      
   AES::encrypt_passwd   [“128” | “192” | “256”] -   
   Encrypt the data using a key generated from the pass phrase. We default  
   to 128 bit key if the key length is not specified.   
      
   AES::decrypt_passwd   [“128” | “192” | “256”] -   
   Decrypt the data using a key generated from the pass phrase. We default  
   to 128 bit key if the key length is not specified.

If you look through the previous postings, you should be able to find plenty of examples that demonstrate their use. Hope this helps!

chad_mentzer_14 · Answer

Thank you, very much. 
&nbsp;  
&nbsp; Do you happen to know if there are other similar undocumented commands?  For instance, DES, triple DES or access to asymmetric encryption?

bl0ndie_127134 · Answer

Those are all the encryption commands that we currently expose in TCL. Don't forget we have a much bigger array of ciphers available in our SSL filter.   
&nbsp;      
&nbsp;   We also expose some hashing and base64 encoding routines that is documented at.   
&nbsp;      
&nbsp;   http://devcentral.f5.com/Default.aspx?TabID=29&amp;newsType=ArticleView&amp;articleId=29 (Click here)

chad_mentzer_14 · Answer

A few more questions come to mind: 
&nbsp;  
&nbsp; 1)  If you purchase the BIG-IP FIPS Hardware Option, do the iRules use the hardware to do the encryption by default? 
&nbsp;  
&nbsp; 2)  Is it possible to save an AES key for export?  I would like to be able to share the key with a third party.  Also, I would like to be able to import a specific key to use for decryption.

bl0ndie_127134 · Answer

&gt; 1) If you purchase the BIG-IP FIPS Hardware ... 
&nbsp;     
&nbsp; This question can probably be answered best by your BigIP sales representative. 
&nbsp;  
&nbsp; &gt; 2) Is it possible to save an AES key for export.... 
&nbsp;  
&nbsp; The AES encryption exposed in iRules uses symmetric keys as you probably know by now. Although it is using very well established and secure cryptographic algorithms, it’s designed to generally be encrypted and decrypted within the BigIP. 
&nbsp;  
&nbsp; If you can provide us with a little bit more information on what you are trying to do, maybe we could try and see if there are other ways in which we could help you with your problem.

Forum Discussion

iRule Cryptographic commands

Recent Discussions

How to export a list of paired external service providers from APM?

How to Renew F5 Device Certificate

BIG IP LTM - Multiple application on single VIP with multiple ports allowed.

Service discovery is not happening in AS3

Statistics ›› Analytics : HTTP : Overview

Related Content

iRules Commands Updates

Power of tmsh commands using Ansible

iRules command: Switch vs If

iRules 101 - #12 - The Session Command

iRules Style Guide

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS