This section covers the DataScripts available on NSX Advanced Load Balancer to encrypt and decrypt data.
| Function | Description |
|---|---|
| avi.crypto.decrypt | Decrypt content |
| avi.crypto.encrypt | Encrypt content |
avi.crypto.decrypt
| Function | avi.crypto.decrypt( ciphertext, key [, iv [, algo]] ) |
|---|---|
| Description | DataScripts can be used to encrypt and decrypt data. The supported decryption algorithms are AES and 3DES. For AES decryption, AES128, AES192 and AES256 are supported and require key lengths of 128, 192, and 256 bits respectively. 3DES requires a key length (3X56) of 168 bits padded out to 192 bits. A key string of the correct length is mandatory irrespective of the method used. Only CBC (Cipher Block Chaining) mode is supported. The default decryption algorithm is AES256, with the default IV of 0123456789012345 and default mode of CBC. |
| Events | HTTP_REQ, HTTP_RESP |
| Parameter | ciphertext is the encrypted text or string to be decrypted. key is a string, which is the private key to use for the decryption. iv is a string and is the initialization vector. algo is the decryption algorithm and can be one of the following: |
| Returns | A decrypted string. |

Example

During the HTTP Response event, check for a header and encrypt its value.

```lua
-- sample 32-byte key, the length required for the default AES256
key = "01234567890123456789012345678901"
if avi.http.get_header("User") then
  encrypt = avi.crypto.encrypt(avi.http.get_header("User"), key)
  avi.http.replace_header("User", encrypt)
end
```

During the HTTP Request event, check for a header and decrypt its value.

```lua
-- must be the same key that was used to encrypt the header value
key = "01234567890123456789012345678901"
if avi.http.get_header("User") then
  decrypt = avi.crypto.decrypt(avi.http.get_header("User"), key)
  avi.http.replace_header("User", decrypt)
end
```
avi.crypto.encrypt
| Function | avi.crypto.encrypt( plaintext, key [, iv [, algo]] ) |
|---|---|
| Description | DataScript has the ability to encrypt arbitrary data. This can be useful for encrypting server cookie values or creating custom cross-site scripting mitigation by embedding validation tokens. The supported encryption algorithms are AES and 3DES. For AES encryption, AES128, AES192 and AES256 are supported and require key lengths of 128, 192, and 256 bits respectively. 3DES requires a key length (3X56) of 168 bits padded out to 192 bits. Regardless of which encryption algorithm is used, a key string of the corresponding correct length is mandatory. Only CBC (cipher block chaining) mode is supported. The default encryption algorithm is AES256, with the default IV value of 0123456789012345 and default mode of CBC. |
| Events | HTTP_REQ, HTTP_RESP |
| Parameter | plaintext is the text or string to be encrypted. key is a string, which is the private key to use for the encryption. iv is a string and is the initialization vector. algo is the encryption algorithm cipher. Choose between avi.CIPHER_AES and avi.CIPHER_3DES. |
| Returns | An encrypted string. |

Example

Send an encrypted token using AES256 in CBC mode, with the default IV, in a header in the HTTP response.

```lua
path = avi.http.get_path()
if path == "/app_1/" then
  -- use AES256 default encryption
  key = "01234567890123456789012345678901"
  value = "The quick brown fox jumps over the lazy dog."
  encrypted_value = avi.crypto.encrypt(value, key)
  avi.http.add_header("X-Token", encrypted_value)
end
```
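Added example, not part of the product documentation: a small Python audit that scans DataScript source for avi.crypto calls that rely on the default IV or a hard-coded one (CBC with one key and one IV encrypts equal plaintexts to equal ciphertexts) and for literal keys whose length does not match the sizes listed above. The finding names, the sample script, the handling of double-quoted strings only, and the treatment of an omitted algo as AES256 are assumptions.

```python
import re
# Key sizes in bytes from the page: AES128/192/256, and 3DES (168 bits padded to 192).
KEY_BYTES = {"avi.CIPHER_AES": {16, 24, 32}, "avi.CIPHER_3DES": {24}}
DEFAULT_KEY_BYTES = {32}  # assumption: a call without algo is checked as the AES256 default
CALL_RE = re.compile(r'avi\.crypto\.(?:encrypt|decrypt)\s*\(')
ASSIGN_RE = re.compile(r'\b(\w+)\s*=\s*"([^"]*)"')  # name = "literal", double quotes only

def split_args(src, start):
    """Split the argument list opening at src[start] == '(' on top-level commas."""
    args, cur, depth, in_str = [], "", 0, False
    for ch in src[start:]:
        if ch == '"':
            in_str = not in_str
        elif not in_str:
            depth += (ch == '(') - (ch == ')')
            if depth == 0:
                break                      # closing parenthesis of the call
            if depth == 1 and ch in '(,':
                if ch == ',':
                    args, cur = args + [cur.strip()], ""
                continue                   # drop the opening '(' and separators
        cur += ch
    return args + [cur.strip()]

def audit(script):
    """Return (line, finding) pairs for avi.crypto calls in DataScript source text."""
    literals = dict(ASSIGN_RE.findall(script))
    def literal(expr):  # string value of a literal or of a name bound to one, else None
        return expr[1:-1] if expr.startswith('"') else literals.get(expr)
    findings = []
    for m in CALL_RE.finditer(script):
        args = split_args(script, m.end() - 1)
        line = script.count('\n', 0, m.start()) + 1
        if len(args) < 3:
            findings.append((line, "default-iv"))      # documented fixed IV applies
        elif literal(args[2]) is not None:
            findings.append((line, "static-iv"))       # one IV reused for every message
        key = literal(args[1]) if len(args) > 1 else None
        allowed = KEY_BYTES.get(args[3], set()) if len(args) > 3 else DEFAULT_KEY_BYTES
        if key is not None and allowed and len(key) not in allowed:
            findings.append((line, "bad-key-length"))
    return findings

# Constructed DataScript fragment for demonstration only.
SAMPLE = '''key = "01234567890123456789012345678901"
short = "0123456789"
a = avi.crypto.encrypt(value, key)
b = avi.crypto.encrypt(value, short, iv, avi.CIPHER_AES)
c = avi.crypto.decrypt(avi.http.get_header("User"), key, "5432109876543210", avi.CIPHER_3DES)'''
```

Calling `audit(SAMPLE)` reports the default IV on line 3, the 10-byte key on line 4, and both the literal IV and the 32-byte key passed to 3DES on line 5.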