This section covers the DataScripts available on Avi Load Balancer to encrypt and decrypt data.

Function              Description
avi.crypto.decrypt    Decrypt content
avi.crypto.encrypt    Encrypt content

avi.crypto.decrypt

Function

avi.crypto.decrypt( ciphertext, key [, iv [, algo]] )

Description

DataScripts can be used to encrypt and decrypt data. The supported decryption algorithms are AES and 3DES. For AES decryption, AES128, AES192 and AES256 are supported and require key lengths of 128, 192, and 256 bits respectively. 3DES requires a key length of 168 bits (3 x 56), padded out to 192 bits. A key string of the correct length is mandatory, irrespective of the algorithm used.

Only CBC (Cipher Block Chaining) mode is supported. The default decryption algorithm is AES256, with the default IV of 0123456789012345 and the default mode of CBC.

Events

HTTP_REQ

HTTP_RESP

Parameter

ciphertext is the encrypted text or string to be decrypted.

key is a string, which is the secret key to use for the decryption.

iv is a string and is the initialization vector.

algo is the decryption algorithm and can be one of the following:

  • avi.CIPHER_AES

  • avi.CIPHER_3DES

Returns

A decrypted string.

Example

During the HTTP Response event, check for a header and encrypt its value.

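    -- sample 32-character (256-bit) key for the default AES256
    key = "01234567890123456789012345678901"
    if avi.http.get_header("User") then
        encrypt = avi.crypto.encrypt(avi.http.get_header("User"), key)
        avi.http.replace_header("User", encrypt)
    end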

During the HTTP Request event, check for a header and decrypt its value.

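    -- must be the same key that was used to encrypt the header value
    key = "01234567890123456789012345678901"
    if avi.http.get_header("User") then
        decrypt = avi.crypto.decrypt(avi.http.get_header("User"), key)
        avi.http.replace_header("User", decrypt)
    end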

avi.crypto.encrypt

Function

avi.crypto.encrypt( plaintext, key [, iv [, algo]] )

Description

DataScript has the ability to encrypt arbitrary data. This can be useful for encrypting server cookie values or creating custom cross-site scripting mitigation by embedding validation tokens. The supported encryption algorithms are AES and 3DES.

For AES encryption, AES128, AES192 and AES256 are supported and require key lengths of 128, 192, and 256 bits respectively. 3DES requires a key length of 168 bits (3 x 56), padded out to 192 bits. Regardless of which encryption algorithm is used, a key string of the corresponding correct length is mandatory.

Only CBC (cipher block chaining) mode is supported. The default encryption algorithm used is AES256, with the default IV value of 0123456789012345 and default mode of CBC.

Events

HTTP_REQ

HTTP_RESP

Parameter

plaintext is the text or string to be encrypted.

key is a string, which is the secret key to use for the encryption.

iv is a string and is the initialization vector.

algo is the encryption algorithm cipher. Choose between avi.CIPHER_AES and avi.CIPHER_3DES.

Returns

An encrypted string.

Example

Send a token encrypted with AES256 in CBC mode and the default IV, in a header of the HTTP response.

    path = avi.http.get_path()
    if path == "/app_1/" then
        -- use AES256 default encryption
        key = "01234567890123456789012345678901"
        value = "The quick brown fox jumps over the lazy dog."
        encrypted_value = avi.crypto.encrypt(value, key)
        avi.http.add_header("X-Token", encrypted_value)
    end
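
The default IV is a fixed, documented value, so under one key CBC output is deterministic: two values that share leading 16-byte blocks produce identical leading ciphertext blocks. The following added example (not part of the original page and not Avi code) models CBC chaining in Python to show this; the keyed stand-in for the AES block operation, the padding scheme and the sample token values are assumptions.

```python
import hashlib
import hmac
import os

BLOCK = 16                                  # AES block size in bytes
DEFAULT_IV = b"0123456789012345"            # default IV stated on this page
KEY = b"01234567890123456789012345678901"   # sample key from the page's example

# Constructed sample values: identical first 32 bytes, different tail.
TOKEN_A = b"user=alice;role=admin;tenant=01;session=1111"
TOKEN_B = b"user=alice;role=admin;tenant=01;session=2222"

def block_fn(key, block):
    """Keyed stand-in for the AES block operation (assumption: not AES, not
    invertible). CBC's IV behaviour only needs it to be deterministic."""
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]

def pad(data):
    """PKCS#7-style padding (assumed) to a whole number of blocks."""
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def cbc_encrypt(plaintext, key, iv=DEFAULT_IV):
    """CBC chaining: C[i] = E(P[i] XOR C[i-1]), with C[-1] = IV."""
    prev, out = iv, b""
    data = pad(plaintext)
    for i in range(0, len(data), BLOCK):
        mixed = bytes(x ^ y for x, y in zip(data[i:i + BLOCK], prev))
        prev = block_fn(key, mixed)
        out += prev
    return out

def shared_leading_blocks(c1, c2):
    """Count the leading ciphertext blocks that two messages have in common."""
    n = 0
    for i in range(0, min(len(c1), len(c2)), BLOCK):
        if c1[i:i + BLOCK] != c2[i:i + BLOCK]:
            break
        n += 1
    return n

def compare(iv_a=DEFAULT_IV, iv_b=DEFAULT_IV):
    """Encrypt both sample tokens and report how many leading blocks match."""
    return shared_leading_blocks(cbc_encrypt(TOKEN_A, KEY, iv_a),
                                 cbc_encrypt(TOKEN_B, KEY, iv_b))

if __name__ == "__main__":
    print("default IV for both:", compare())
    print("fresh random IVs   :", compare(os.urandom(BLOCK), os.urandom(BLOCK)))
```

Passing a distinct iv for each message to avi.crypto.encrypt, and the same iv to avi.crypto.decrypt, removes the repeated leading blocks.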