CRYPTO::keygen¶
Description¶
This iRules command is used to generate keys that can be used to
encrypt and sign data.
Syntax¶
CRYPTO::keygen (('-alg' ('random' | 'pbkdf2-md5' | 'rsa'))
('-len' MULTIPLE8)
('-exp' EXP)
('-passphrase' PASSPHRASE)
(('-salt' | '-salthex') SALT)
('-rounds' ROUNDS)
)
CRYPTO::keygen -alg <> -len <> [-passphrase <> -salt[hex] <> -rounds <>]¶
- Used to generate keys that can be used to encrypt and sign data.
- -alg (random, pbkdf2-md5, or rsa)
- -len (Must be a multiple of 8, e.g. 256, 512)
- -passphrase (used as data to generate key)
- -salt (binary data used to generate key)
- -salthex (hex data used to generate key)
- -rounds (Integer indicating how many rounds to use when generating key)
Examples¶
when HTTP_REQUEST {
set keys [CRYPTO::keygen -alg rsa -salthex 0f0f0f0f0f0f0f0f0f0f -len 1024]
set pub_rsakey [lindex $keys 0]
set priv_rsakey [lindex $keys 1]
set data [string repeat "rsakeygen1" 11]
set enc_data [CRYPTO::encrypt -alg rsa-pub -key $pub_rsakey $data]
log "enc_data: [b64encode $enc_data]"
HTTP::header insert rsa_encrypted "$enc_data"
set dec_data [CRYPTO::decrypt -alg rsa-priv -key $priv_rsakey $enc_data]
log "dec_data: $dec_data"
HTTP::header insert rsa_decrypted "$dec_data"
}