Forum Discussion

Nimbostratus

Mar 17, 2010

problem to decrypt AES

Hello, I have currently some problems with to decrypt AES encrypted string in f5 irules. In fact It works well when I encrypt and decrypt a string in the same irule, but ...

Employee

Jul 08, 2011

When specifying a key to AES::encrypt or AES::decrypt it can either be a key object as generated by AES::key (a string with the correct format) or a passphrase.

The AES::key command generates object represented as a list with 3 elements or a string in the format "AES (128 | 192 | 256) <32, 48, 64 HEX digits respectively>". If you are using a string to set the key, it must be in this format.

A string that does not match the above format will be interpreted as a passphrase and will be used (along with random salt) to generate a key. This is where AES::decrypt is affected by ID224113.

You need to change

set ::key be474444865c70f3e13624aec61eb292cef6cf5c4ce1725dd4fa49a93bf997c8

set ::key "AES 256 be474444865c70f3e13624aec61eb292cef6cf5c4ce1725dd4fa49a93bf997c8"

Now, using global variables and CMP is a whole other discussion. :)

http://devcentral.f5.com/wiki/default.aspx/iRules/CMPCompatibility.html

Jason

Forum Discussion

problem to decrypt AES

Recent Discussions

SEEK ADVICE FROM WEB BAILIFF CONTRACTOR ON STOLEN CRYPTO

Errors in setup of BIGIP-NEXT CM VE on KVM

AS3 Deployments (shared objects)

rSeries and tenant upgrades

iRule interpretation assistance

Related Content

Decrypting BIG-IP Packet Captures without iRules

Decrypting BIG-IP Packet Captures Automatically

Decrypting TLS with the tcpdump sslprovider

Chameleon Malware, Ransomware Decryption Tool Dec 18-24, 2023 - F5 SIRT - This Week in Security

PowerShell to iRule AES-CBC conversation using random IV values