CRYPTO::keygen

Description

This iRules command is used to generate keys that can be used to encrypt and sign data.

Syntax

CRYPTO::keygen (('-alg'  ('random' | 'pbkdf2-md5' | 'rsa'))
                         ('-len' MULTIPLE8)
                         ('-exp' EXP)
                         ('-passphrase' PASSPHRASE)
                         (('-salt' | '-salthex') SALT)
                         ('-rounds' ROUNDS)
                        )

CRYPTO::keygen -alg <> -len <> [-passphrase <> -salt[hex] <> -rounds <>]

  • Used to generate keys that can be used to encrypt and sign data.
    • -alg (random, pbkdf2-md5, or rsa)
    • -len (Must be a multiple of 8, e.g. 256, 512)
    • -passphrase (used as data to generate key)
    • -salt (binary data used to generate key)
    • -salthex (hex data used to generate key)
    • -rounds (Integer indicating how many rounds to use when generating key)

Examples

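when HTTP_REQUEST {
    # Generate an RSA key pair; the result is a list: {public key, private key}.
    # 1024 bits keeps the demo fast but is below the 2048-bit minimum in current
    # NIST guidance; use -len 2048 or larger for real keys.
    set keys [CRYPTO::keygen -alg rsa -salthex 0f0f0f0f0f0f0f0f0f0f -len 1024]
    set pub_rsakey [lindex $keys 0]
    set priv_rsakey [lindex $keys 1]
    # 110 bytes of sample plaintext
    set data [string repeat "rsakeygen1" 11]
    # Encrypt with the public key
    set enc_data [CRYPTO::encrypt -alg rsa-pub -key $pub_rsakey $data]
    log "enc_data: [b64encode $enc_data]"
    # Ciphertext is binary, so Base64-encode it before placing it in a header
    HTTP::header insert rsa_encrypted [b64encode $enc_data]
    # Decrypt with the private key to confirm the round trip
    set dec_data [CRYPTO::decrypt -alg rsa-priv -key $priv_rsakey $enc_data]
    log "dec_data: $dec_data"
    HTTP::header insert rsa_decrypted "$dec_data"
}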
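
The following Python model is an added example, not part of the original page or F5's code. It shows how the -len, -passphrase, -salt/-salthex and -rounds options map onto a password-based derivation, assuming that pbkdf2-md5 is standard PBKDF2 with HMAC-MD5 (RFC 8018). The function names, passphrase and round count are hypothetical or constructed; the salt is the hex value from the example above.

```python
import hashlib
import hmac

PASSPHRASE = "example-passphrase"   # constructed sample value
SALTHEX = "0f0f0f0f0f0f0f0f0f0f"    # salt value from the page's example
ROUNDS = 1000                       # constructed sample value


def keygen_pbkdf2_md5(length_bits, passphrase, rounds, salt=None, salthex=None):
    """Hypothetical model of '-alg pbkdf2-md5' (assumed PBKDF2-HMAC-MD5)."""
    if length_bits <= 0 or length_bits % 8:
        raise ValueError("-len must be a positive multiple of 8 (bits)")
    if (salt is None) == (salthex is None):
        raise ValueError("give exactly one of -salt or -salthex")
    if rounds < 1:
        raise ValueError("-rounds must be at least 1")
    salt_bytes = bytes.fromhex(salthex) if salthex is not None else salt
    return hashlib.pbkdf2_hmac("md5", passphrase.encode(), salt_bytes,
                               rounds, dklen=length_bits // 8)


def first_block_by_hand(passphrase, salt_bytes, rounds):
    """PBKDF2 block 1: U1 = HMAC(P, S || INT(1)), Un = HMAC(P, Un-1), XOR all."""
    key = passphrase.encode()
    u = hmac.new(key, salt_bytes + b"\x00\x00\x00\x01", "md5").digest()
    block = int.from_bytes(u, "big")
    for _ in range(rounds - 1):
        u = hmac.new(key, u, "md5").digest()
        block ^= int.from_bytes(u, "big")
    return block.to_bytes(16, "big")


def demo():
    """Derive 128- and 256-bit keys from the same inputs and compare them."""
    k128 = keygen_pbkdf2_md5(128, PASSPHRASE, ROUNDS, salthex=SALTHEX)
    k256 = keygen_pbkdf2_md5(256, PASSPHRASE, ROUNDS, salthex=SALTHEX)
    by_hand = first_block_by_hand(PASSPHRASE, bytes.fromhex(SALTHEX), ROUNDS)
    # MD5 yields 16 bytes per PBKDF2 block, so a 256-bit key is two blocks
    # and its first half is exactly the 128-bit key.
    return k128, k256, by_hand


if __name__ == "__main__":
    k128, k256, by_hand = demo()
    print("128-bit key:", k128.hex())
    print("256-bit key:", k256.hex())
    print("first block matches:", k256[:16] == k128 == by_hand)
```

Under this model, the same passphrase, salt and round count always produce the same key, and a larger -len adds output blocks without adding entropy beyond what the passphrase holds.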