For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

ARS_70214's avatar
ARS_70214
Icon for Nimbostratus rankNimbostratus
Mar 17, 2010

problem to decrypt AES

Hello,     I have currently some problems with to decrypt AES encrypted string in f5 irules.     In fact It works well when I encrypt and decrypt a string in the same irule, but ...
application delivery
dev
devops
iRules
JCohen's avatar
JCohen
Ret. Employee
Jul 08, 2011
When specifying a key to AES::encrypt or AES::decrypt it can either be a key object as generated by AES::key (a string with the correct format) or a passphrase.

 

 

The AES::key command generates object represented as a list with 3 elements or a string in the format "AES (128 | 192 | 256) <32, 48, 64 HEX digits respectively>". If you are using a string to set the key, it must be in this format.

 

 

A string that does not match the above format will be interpreted as a passphrase and will be used (along with random salt) to generate a key. This is where AES::decrypt is affected by ID224113.

 

 

 

You need to change

 

set ::key be474444865c70f3e13624aec61eb292cef6cf5c4ce1725dd4fa49a93bf997c8

 

to

 

set ::key "AES 256 be474444865c70f3e13624aec61eb292cef6cf5c4ce1725dd4fa49a93bf997c8"

 

 

Now, using global variables and CMP is a whole other discussion. :)

 

http://devcentral.f5.com/wiki/default.aspx/iRules/CMPCompatibility.html

 

 

Jason