Forum Discussion
Looking for advice on CRYPTO::sign and CRYPTO::verify
In response to your query on using the AES commands, which are a lot more straightforward: I have a requirement to use CBC mode encryption, and it is my understanding that the AES commands use CWC, whereas the CRYPTO commands allow you to choose CBC.
The nature of the way AES works in iRules generally precludes it from being used "off-box", such that you could encrypt something on one device and decrypt it with another. That said, if you were only ever encrypting and decrypting on the same box, I don't see why it would matter, technically, which algorithm you used (unless you have some policy-based requirement).
It is appreciated that signing really only protects against cookie tampering and does not stop the cookie being stolen and used by another client. To that end I would like to have something, however small, in the cookie which could tie the cookie to the client. I'm working on an internet-based app so client IP doesn't really cut it. Any suggestions?
There's an entire science behind this form of "fingerprinting", and it's not something that's particularly easy to do. A good source for information is the Panopticlick website:
It's also something that the Application Security Manager (ASM) module does rather well.
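To make the signing-versus-theft distinction discussed in this thread concrete, here is an added example (not code from any poster, and written with Python's standard library rather than the iRules CRYPTO commands) of an HMAC-signed cookie that also carries a small client tag. The key, header values, cookie layout and function names are all constructed for illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"            # constructed sample key
UA = "ExampleBrowser/1.0 (constructed)"  # constructed User-Agent value
LANG = "en-GB,en;q=0.8"                  # constructed Accept-Language value


def client_tag(user_agent: str, accept_language: str) -> str:
    """Short digest of headers that usually stay stable for one browser."""
    material = f"{user_agent}\n{accept_language}".encode()
    return hashlib.sha256(material).hexdigest()[:16]


def _sign(payload: str, key: bytes) -> str:
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()


def issue_cookie(session_id: str, user_agent: str, accept_language: str,
                 key: bytes = KEY) -> str:
    """Build 'session.tag.signature'; session_id must not contain a dot."""
    payload = f"{session_id}.{client_tag(user_agent, accept_language)}"
    return f"{payload}.{_sign(payload, key)}"


def check_cookie(cookie: str, user_agent: str, accept_language: str,
                 key: bytes = KEY) -> str:
    """Return 'ok', 'malformed', 'tampered' or 'client-mismatch'."""
    parts = cookie.split(".")
    if len(parts) != 3:
        return "malformed"
    session_id, tag, sig = parts
    expected = _sign(f"{session_id}.{tag}", key)
    # The signature covers the session id and the tag, so neither can be edited.
    if not hmac.compare_digest(sig.encode(), expected.encode()):
        return "tampered"
    # A valid signature says nothing about who presents the cookie;
    # the tag comparison is the separate client-binding check.
    current = client_tag(user_agent, accept_language)
    if not hmac.compare_digest(tag.encode(), current.encode()):
        return "client-mismatch"
    return "ok"
```

Request headers can be copied along with the cookie, so a tag like this is a small additional check rather than proof of client identity.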