Module: localCryptoUtil

These routines are utilities for decrypting data from files on disk.

These routines are meant to be used locally on a BIG-IP and operate via tmsh rather than iControl REST. This is so that we do not need to take in unencrypted passwords as parameters either on the command line or via the filesystem.

Notes:

  • Only runs locally on a BIG-IP. Cannot run on a remote BIG-IP.
  • Uses tmsh rather than iControl REST so that we do not need to take in a password.

Methods

(static) decryptConfValue(value) → {Promise}

Decrypts a BIG-IP configuration value.

Must be run on a BIG-IP.

Parameters:
Name   Type    Description
value  String  The configuration value to decrypt

Returns:

A promise which is resolved with the decrypted configuration value or rejected if an error occurs.

Type
Promise

(static) decryptData(data, privateKeyFolder, privateKeyName, [options]) → {Promise}

Decrypts data

Parameters:
Name              Type    Attributes  Description
data              String              Data to decrypt
privateKeyFolder  String              BIG-IP folder in which private key is installed
privateKeyName    String              Name of private key installed on BIG-IP
options           Object  <optional>  Optional parameters

Properties of options:
Name          Type             Attributes  Description
encryptedKey  String           <optional>  The encrypted symmetric key. Required if symmetric encryption was used.
iv            String | Buffer  <optional>  The initialization vector that was used for encryption. Required if symmetric encryption was used.

Returns:

A promise which is resolved with the decrypted data or rejected if an error occurs.

Type
Promise

(static) decryptDataFromFile(dataFile, [options]) → {Promise}

Decrypts data from a file on disk

Parameters:
Name      Type    Attributes  Description
dataFile  String              File to decrypt
options   Object  <optional>  Optional parameters

Properties of options:
Name       Type     Attributes  Description
symmetric  Boolean  <optional>  Data was symmetrically encrypted

Returns:

A promise which is resolved with the decrypted data or rejected if an error occurs.

Type
Promise

(static) decryptPassword(password) → {Promise}

Decrypts a secret, typically a password that was encrypted with our local private keys.

This is just a shortcut for decryptData

Parameters:
Name      Type    Description
password  String  Secret to decrypt

Returns:

A promise which is resolved with the decrypted secret or rejected if an error occurs

Type
Promise

(static) symmetricDecryptPassword(data) → {Promise}

Decrypts a secret that was encrypted symmetrically, typically a large password or object (JSON) with multiple values that was encrypted with our local private keys.

This is just a shortcut for decryptData with symmetric options

Parameters:
Name  Type    Description
data  Object  Object (JSON) created by symmetric encrypt operation

Returns:

A promise which is resolved with the decrypted secret or rejected if an error occurs

Type
Promise
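
The encryptedKey and iv options of decryptData, and the object passed to symmetricDecryptPassword, describe envelope encryption: the data is encrypted with a symmetric key, and that key is encrypted for the private key installed on the BIG-IP. The following is an added example, not code from this module, that reproduces the flow with Node's crypto module alone. The algorithms (AES-256-CBC, RSA-OAEP), the field names of the envelope object and all function names are assumptions.

```javascript
'use strict';
const crypto = require('crypto');

// Assumed algorithms; the page does not name the ones localCryptoUtil uses.
const CIPHER = 'aes-256-cbc';
const OAEP = crypto.constants.RSA_PKCS1_OAEP_PADDING;

// Constructed key pair standing in for the key installed on the BIG-IP.
function makeKeyPair() {
    return crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
}

// Hypothetical encrypt side: returns the pieces decryptData's options describe.
function envelopeEncrypt(publicKey, plaintext) {
    const symmetricKey = crypto.randomBytes(32);
    const iv = crypto.randomBytes(16);
    const cipher = crypto.createCipheriv(CIPHER, symmetricKey, iv);
    const data = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
    // Only the 32-byte symmetric key goes through RSA, so plaintext size is not
    // limited by the RSA modulus.
    const wrapped = crypto.publicEncrypt({ key: publicKey, padding: OAEP }, symmetricKey);
    return {
        encryptedData: data.toString('base64'),
        encryptedKey: wrapped.toString('base64'),
        iv: iv.toString('base64')
    };
}

// Hypothetical decrypt side: unwrap the symmetric key, then decrypt the data.
function envelopeDecrypt(privateKey, envelope) {
    if (!envelope.encryptedKey || !envelope.iv) {
        throw new Error('encryptedKey and iv are required for symmetric decryption');
    }
    const symmetricKey = crypto.privateDecrypt(
        { key: privateKey, padding: OAEP },
        Buffer.from(envelope.encryptedKey, 'base64')
    );
    const iv = Buffer.from(envelope.iv, 'base64');
    const decipher = crypto.createDecipheriv(CIPHER, symmetricKey, iv);
    const data = Buffer.from(envelope.encryptedData, 'base64');
    return Buffer.concat([decipher.update(data), decipher.final()]).toString('utf8');
}

// Returns false when plaintext is too large to encrypt with RSA directly.
function fitsInRsa(publicKey, plaintext) {
    try {
        crypto.publicEncrypt({ key: publicKey, padding: OAEP }, Buffer.from(plaintext, 'utf8'));
        return true;
    } catch (err) { return false; }
}
```

On a BIG-IP the private key is not passed around in memory as it is here; it stays installed on the device and is referenced by privateKeyFolder and privateKeyName.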