Encrypt the data using an AES key.


AES::encrypt <key> <data>

AES::encrypt <key> <data>

  • <key> will be interpreted as an AES key and used directly if it is a string formatted as an AES::key or an object generated from AES::key.
  • <key> will otherwise be interpreted as a pass phrase and used to generate an AES key. This does not work in versions prior to BIG-IP 11.2.0 due to bug 224113.
  • Encrypt the <data> using the AES key either supplied or generated from <key>.


This function is affected by ID241924 and ID242479, and should not be used in BIG-IP v10.1.x or earlier.
This function is also affected by ID224113, and a workaround is necessary. The workaround is to not use a passphrase, but to specify a key directly, in the form of “AES “, where is 128, 192, or 256. For example, “AES 128 e467128783ea04aba33aded4e6e457a5”, would be a valid 128-bit key. This was fixed in BIG-IP v11.2.0.


  set key "AES 128 43047ad71173be644498b98de6a32fe3"
  set encryptedData [AES::encrypt $key [TCP::payload]]
  TCP::payload replace 0 [TCP::payload length] $encryptedData