Aaron,
thanks for that information. I hadn't seen this before. I am still confused though. Given the following:
when RULE_INIT {
set ::key [AES::key "128"]
}
when HTTP_REQUEST {
set text "this is a test"
log local0. "AES key: $::key"
log local0. "Encrypted text: [b64encode [AES::encrypt $::key $text]]
}
As long as the iRule isn't updated, I see that the key does not change, but the encrypted STATIC text changes on each new browser session (new browser window):
----------------------------
LTM capture from BIG-IP 9.4.2 Build 228.18 Final:
: AES key: AES 128 eaa18b3c04c914f9e2fb8a6c9e479f4f
: Encrypted test: TLkDvsXpttnYyJBMuQO+xem22djIkDLR5Xl32d9syl8l4t+LCI+WuG4VvVKQt/b4jSOtBA==
: AES key: AES 128 eaa18b3c04c914f9e2fb8a6c9e479f4f
: Encrypted test: hhNtFA/zVoJhJz6GE20UD/NWgmEnPof2Nalx2gy6lrsFUxRsiR+bA/ivrV+zjwANgc8Hrw==
: AES key: AES 128 eaa18b3c04c914f9e2fb8a6c9e479f4f
: Encrypted test: JzTGR0I2AL+G0dYnNMZHQjYAv4bR1mAUL1SMYguNEE29thMEzliMW74hgEFQ5iu5X9ctUw==
----------------------------
which leads me to believe there is a session-based subcomponent to the AES encryption function. I would like to be able to send the user an encrypted value, in a cookie, and retrieve that value at some later date. As for the strength of the encryption, vice basic cookie encryption, i'd like the value in the cookie to be unknown to the client.
Am I missing something, or is this an LTM version issue?
Thanks again.
Kevin