Forum Discussion
rajeshramhit_11
Nimbostratus
Dec 18, 2014
RSA Encryption Support on F5 LTM
Hi All,
I have a requirement to encrypt certain POST contents with the public key from a downstream server before it's passed on to it through an untrusted network.
Is it possible to use RSA Publi...
nitass
Employee
Dec 24, 2014
I do see only rsa-priv and rsa-pub algorithms.
e.g.
configuration
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos)# create sys file ifile keyfile1 source-path file:///config/ssl/ssl.key/default.key
Copying file "file:///config/ssl/ssl.key/default.key" ...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 1704 100 1704 0 0 2411k 0 --:--:-- --:--:-- --:--:-- 0
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos)# create ltm ifile keyifile1 file-name keyfile1
root@(ve11a)(cfg-sync Changes Pending)(Active)(/Common)(tmos)#
root@(ve11a)(cfg-sync In Sync)(Active)(/Common)(tmos)# list ltm rule qux
ltm rule qux {
    # Load the RSA private key from the iFile once, when the rule is loaded.
    when RULE_INIT {
        set static::key [ifile get keyifile1]
    }
    # Collect the request body, using the length from Content-Length.
    when HTTP_REQUEST {
        HTTP::collect [HTTP::header "Content-Length"]
    }
    # Base64-decode the body, decrypt it with the private key, and return the plaintext.
    when HTTP_REQUEST_DATA {
        HTTP::respond 200 content [CRYPTO::decrypt -alg rsa-priv -key $static::key [b64decode [HTTP::payload]]]
    }
}
generate encrypted text
[root@ve11a:Active:In Sync] config # echo "hello world123" | openssl rsautl -encrypt -certin -inkey /config/ssl/ssl.crt/default.crt | base64
OBrsKKH2Ewi8nmbp7ZRzaJfC92WYJscCMlZQow6DOiBeSZ50Au8xLBMxko0JruJToiDRhtbKfGay
r6cMphQESmxXxbGBZy11DayfIcPN1B3Vk5BeIRoion4RX+/hwICJFDP/oww3DT3ziiIt0jaMlKID
UGT53wWrhXnyBDGXzUoYmbGh4yv5d4GPIS5fF1qMmV21fuID3Fdhu3shdDEPPnvYDK45Qu5tHArO
cEeIwnG2KLPgmVGqLMjHC3uA8iVUw+U1ibsSUAbntwgu7Wv9pTgLCu4Qz2o4mojkCNuFlp5vY3hQ
7dZ9RjvkOhjF3VNHAgyIqX4TJDn6ntRioJeN1Q==
test
[root@centos1 ~]# curl -i -d OBrsKKH2Ewi8nmbp7ZRzaJfC92WYJscCMlZQow6DOiBeSZ50Au8xLBMxko0JruJToiDRhtbKfGayr6cMphQESmxXxbGBZy11DayfIcPN1B3Vk5BeIRoion4RX+/hwICJFDP/oww3DT3ziiIt0jaMlKIDUGT53wWrhXnyBDGXzUoYmbGh4yv5d4GPIS5fF1qMmV21fuID3Fdhu3shdDEPPnvYDK45Qu5tHArOcEeIwnG2KLPgmVGqLMjHC3uA8iVUw+U1ibsSUAbntwgu7Wv9pTgLCu4Qz2o4mojkCNuFlp5vY3hQ7dZ9RjvkOhjF3VNHAgyIqX4TJDn6ntRioJeN1Q== http://172.28.24.10
HTTP/1.0 200 OK
Server: BigIP
Connection: Keep-Alive
Content-Length: 15

hello world123
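
Added example, not part of the original thread or of F5's code: an offline round trip of the test above using a throwaway key and certificate (constructed here, standing in for default.key and default.crt) and `openssl pkeyutl`, which defaults to the same PKCS#1 v1.5 padding as `rsautl`. The function names are hypothetical; the last function shows the size limit that matters for POST bodies, since a 2048-bit key takes at most 245 bytes per RSA operation.

```shell
#!/bin/sh
# Throwaway material in a private temp dir, removed on exit.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
KEY="$WORK/demo.key"   # constructed stand-in for default.key
CRT="$WORK/demo.crt"   # constructed stand-in for default.crt

# Generate a 2048-bit RSA key and a self-signed certificate for it.
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$KEY" -out "$CRT" \
    -subj "/CN=demo.invalid" -days 1 >/dev/null 2>&1

# Sender side: encrypt stdin to the certificate's public key and
# emit the ciphertext as a single base64 line (suitable for curl -d).
rsa_encrypt_b64() {
    openssl pkeyutl -encrypt -certin -inkey "$CRT" 2>/dev/null |
        openssl base64 -A
}

# Receiver side: the same two steps the iRule performs with
# b64decode and CRYPTO::decrypt -alg rsa-priv.
rsa_decrypt_b64() {
    openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$KEY" 2>/dev/null
}

# Succeeds only if a payload of $1 bytes fits in one RSA operation.
# The pipeline's status is base64's, so test for empty output instead.
fits_in_one_block() {
    out=$(head -c "$1" /dev/zero | tr '\0' 'A' | rsa_encrypt_b64)
    [ -n "$out" ]
}

# Round trip of the thread's sample plaintext.
printf 'hello world123\n' | rsa_encrypt_b64 | rsa_decrypt_b64

# Modulus size (256 bytes) minus 11 bytes of padding = 245 bytes maximum.
for n in 245 246; do
    if fits_in_one_block "$n"; then
        echo "$n bytes: encrypted"
    else
        echo "$n bytes: too large for one RSA block"
    fi
done
```

POST bodies longer than that limit need a hybrid scheme: encrypt the body with a random symmetric key and RSA-encrypt only that key.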