AES::encrypt¶
Description¶
Encrypt the data using an AES key.
Syntax¶
AES::encrypt <key> <data>
AES::encrypt <key> <data>¶
- <key> will be interpreted as an AES key and used directly if it is a string formatted as an AES::key or an object generated from AES::key.
- <key> will otherwise be interpreted as a pass phrase and used to generate an AES key. This does not work in versions prior to BIG-IP 11.2.0 due to bug 224113.
- Encrypt the <data> using the AES key either supplied or generated from <key>.
Caution¶
This function is affected by ID241924 and ID242479, and should not be
used in BIG-IP v10.1.x or earlier.
This function is also affected by ID224113, and a workaround is
necessary. The workaround is to not use a passphrase, but to specify a
key directly, in the form of “AES “, where is 128, 192, or 256. For
example, “AES 128 e467128783ea04aba33aded4e6e457a5”, would be a valid
128-bit key. This was fixed in BIG-IP v11.2.0.
Examples¶
when SERVER_DATA {
set key "AES 128 43047ad71173be644498b98de6a32fe3"
set encryptedData [AES::encrypt $key [TCP::payload]]
TCP::payload replace 0 [TCP::payload length] $encryptedData
}