BIG-IP CRYPTO Example

The BIG-IP CRYPTO command makes it possible to secure communication between applications and the BIG-IP device.

This is a simple example of using CRYPTO to communicate with OpenSSL.

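Add an iRule to the BIG-IP virtual server:

when HTTP_RESPONSE {
    # Demo values only: 128-bit AES key and IV, both given as hex strings.
    set key "abed1ddc04fbb05856bca4a0ca60f21e"
    set iv "d78d86d9084eb9239694c9a733904037"
    set data "The quick brown fox"
    # With a fixed key and IV, identical plaintexts produce identical ciphertexts.
    set enc_data [CRYPTO::encrypt -alg aes-128-cbc -keyhex $key -ivhex $iv $data]
    # The ciphertext is binary, so base64-encode it before placing it in a header.
    HTTP::header insert aes_encrypted "[b64encode $enc_data]"
}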

The encrypted data can be retrieved with any utility; I use curl:

curl -D - http://site/
HTTP/1.1 200 OK
Content-Type: text/html
Date: Thu, 29 Jun 2017 13:58:01 GMT
Content-Length: 1293
aes_encrypted: cfsVbrUjPXg4ieEI3R1WsVliS5VRDJVINhMJW55whJc=

The encrypted header can be decoded and decrypted with OpenSSL:

echo "cfsVbrUjPXg4ieEI3R1WsVliS5VRDJVINhMJW55whJc=" | openssl enc -d -A -a -iv d78d86d9084eb9239694c9a733904037 -K abed1ddc04fbb05856bca4a0ca60f21e -aes-128-cbc -nosalt
The quick brown fox
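
The receiving side of the exchange above, as an added example that is not part of the original page: shell helpers that pull the aes_encrypted header out of a response dump and decrypt it with the page's demo key and IV, plus a check showing that a fixed IV makes the header value repeatable. The function names and the sample response are assumptions; the response is constructed locally with openssl so the script runs offline.

```shell
#!/bin/sh
# Added example: consumer side of the iRule, using the page's demo key and IV.
KEY=abed1ddc04fbb05856bca4a0ca60f21e
IV=d78d86d9084eb9239694c9a733904037

# Stand-in for the BIG-IP so the example runs offline: AES-128-CBC with
# PKCS#7 padding, base64 on one line (same options as the page's openssl call).
encrypt_b64() {
    openssl enc -aes-128-cbc -K "$KEY" -iv "$IV" -nosalt -a -A
}

# Pull the aes_encrypted value out of a header dump on stdin (curl -D - style).
# Header names are case-insensitive and lines end in CRLF, so normalise both.
extract_header() {
    tr -d '\r' | awk -F': *' 'tolower($1) == "aes_encrypted" { print $2; exit }'
}

# Decrypt one base64 header value. A non-zero status means decryption failed
# (for example a bad padding check); CBC alone does not authenticate the data.
decrypt_b64() {
    printf '%s\n' "$1" |
        openssl enc -d -aes-128-cbc -K "$KEY" -iv "$IV" -nosalt -a -A 2>/dev/null
}

# Constructed sample response (not captured from a real device).
sample_response() {
    value=$(printf '%s' "The quick brown fox" | encrypt_b64)
    printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n'
    printf 'aes_encrypted: %s\r\n\r\n' "$value"
}

# With a fixed key and IV, equal plaintexts give equal header values.
# Prints "repeatable" when two encryptions of the same input match.
fixed_iv_check() {
    a=$(printf '%s' "$1" | encrypt_b64)
    b=$(printf '%s' "$1" | encrypt_b64)
    [ "$a" = "$b" ] && echo repeatable || echo differs
}

decrypt_b64 "$(sample_response | extract_header)"; echo
fixed_iv_check "The quick brown fox"
```

Against a real virtual server, pipe the output of curl -D - into extract_header and pass the result to decrypt_b64.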