iRules commands and events relating to the new encryption/decryption features introduced in v11.1
- CRYPTO::decrypt - decrypts data
- CRYPTO::encrypt - encrypts data
- CRYPTO::hash - generates a hash on a piece of data
- CRYPTO::keygen - used to generate keys that can be used to encrypt and sign data
- CRYPTO::sign - used to provide a digital signature of a block of data
- CRYPTO::verify - used to verify a signed block of data
Cryptography is very difficult to get correct. It is easy to create a system that looks secure but isn’t. The CRYPTO::encrypt and CRYPTO::decrypt commands were designed to provide interoperability between BIG-IP and third-party software using common cipher algorithms (AES, Blowfish, DES, etc.) and protocols.
The CRYPTO:: commands should not be used in an attempt to replace transport security protocols such as SSL for providing secure communication between devices, nor in an attempt to do things like replace cookie encryption or the AES:: commands. It is the responsibility of the iRule designer(s) to manage any compositional weaknesses in systems created using the CRYPTO:: commands.