Decrypt the data using an AES key.


AES::decrypt <key> <data>

AES::decrypt <key> <data>

  • <key> will be interpreted as an AES key and used directly if it is a string formatted as an AES::key or an object generated from AES::key.
  • <key> will otherwise be interpreted as a pass phrase and used to generate an AES key. This does not work due to bug 224113.
  • Decrypt the <data> using the AES key either supplied or generated from <key>.


This function is affected by ID241924 and ID242479, and should not be used in BIG-IP v10.1.x or earlier.
This function is also affected by ID224113, and a workaround is necessary. The workaround is to not use a passphrase, but to specify a key directly, in the form of “AES “, where is 128, 192, or 256. For example, “AES 128 e467128783ea04aba33aded4e6e457a5”, would be a valid 128-bit key.


  set key "AES 128 43047ad71173be644498b98de6a32fe3"
  set decryptedData [AES::decrypt $key $encryptedData]
  log local0. "The decrypted data is $decryptedData"