CRYPTO¶
Description¶
iRules commands and events relating to the new encryption/decryption
features introduced in v11.1
Command List¶
- CRYPTO::decrypt - decrypts data.
- CRYPTO::encrypt - encrypts data
- CRYPTO::hash - generates a hash on a piece of data
- CRYPTO::keygen - used to generate keys that can be used to encrypt and sign data
- CRYPTO::sign - used to provide a digital signature of a block of data.
- CRYPTO::verify - used to verify a signed block of data
Event List¶
Warning¶
Cryptography is very difficult to get correct. It is easy to create a
system that looks secure but isn’t. The CRYPTO::encrypt and
CRYPTO::decrypt commands were designed to** **provide
interoperatebility between BIG-IP and 3rd-party software using common
cipher algorithms (AES, Blowfish, DES, etc.) and protocols.
The CRYPTO:: commands should not be used in an attempt to replace
transport security protocols such as SSL for providing secure
communication between devices, nor in an attempt to do things like
replace cookie encryption or the AES:: commands. It is the
responsibility of the iRule designer(s) to manage any compositional
weaknesses in systems created using the CRYPTO:: commands.
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.