28-Jul-2022 07:02
Good day
I need assistance with an iRule that can read the current time, add that as a timestamp and encrypt it in the header.
Regards
28-Jul-2022 13:16 - edited 28-Jul-2022 14:06
Interesting challenge. Try this?
when RULE_INIT {
set static::key "fc2ed2bf490ad801c04ccd46b9d85b0c"
set static::iv "7e2fe021d573c0eedd93c4b2704b1b3e"
}
when HTTP_REQUEST_SEND {
set time [clock seconds]
set encryptedtime [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::key -ivhex $static:iv $time]
HTTP::header remove SECRETTIME
HTTP::header insert SECRETTIME [b64encode $encryptedtime]
}
You can test it like by applying this rule to a test VIP:
when RULE_INIT {
set static::key "fc2ed2bf490ad801c04ccd46b9d85b0c"
set static::iv "7e2fe021d573c0eedd93c4b2704b1b3e"
}
when HTTP_REQUEST {
set time [clock seconds]
set encryptedtime [CRYPTO::encrypt -alg aes-128-cbc -keyhex $static::key -ivhex $static::iv $time]
HTTP::respond 200 SECRETTIME [b64encode $encryptedtime]
}
And then test decrypting with curl and openssl:
curl -sI <ip> | grep SECRETTIME | awk '{print $2}' | openssl enc -a -d -aes-128-cbc -K fc2ed2bf490ad801c04ccd46b9d85b0c -iv 7e2fe021d573c0eedd93c4b2704b1b3e
Edit, made key + iv static to avoid being shamed by the iRules community.
Edit2: Added an example and changed to 32 bit hex key to follow the spec. F5 accepts 16 but openssl does not accept it.
28-Jul-2022 14:22
Forgot how fun it is to be challenged by technical questions in the Devcentral forum. Too bad coding, work and kids takes up too much time. 🤔
28-Jul-2022 15:41
I hear ya Patrik! It's hard to maintain balance. Thanks for the assist!
And @SugarsB - if this solved your problem clicking Accept as Solution will give at least one of Patrik's kids a cookie. 🍪
Cheers.
28-Jul-2022 16:00
Thanks for helping out Patrik! We REALLY appreciate your help, support and participation! 🙂