All Products
Search
Document Center

Server Load Balancer:Cipher algorithm functions

Last Updated:Apr 01, 2026

ALB edge scripts include built-in cipher functions for hashing, message authentication, and symmetric encryption. All digest functions return binary output — use tohex() to convert to a hex string.

The following functions are available: aes_new | aes_enc | aes_dec | sha1 | sha2 | hmac | hmac_sha1 | md5 | md5_bin

Quick reference

FunctionOperationOutput format
aes_newCreate AES objectAES object (dictionary)
aes_encAES encryptionBinary ciphertext
aes_decAES decryptionBinary plaintext
sha1SHA-1 digestBinary
sha2SHA-2 digest (224/256/384/512)Binary
hmacHMAC digest (MD5/SHA-1/SHA-256/SHA-512)Binary
hmac_sha1HMAC-SHA-1 digestBinary
md5MD5 digestHexadecimal
md5_binMD5 digestBinary
To use AES encryption or decryption, first call aes_new() to create an AES object, then pass the object to aes_enc() or aes_dec().

aes_new

ItemDescription
Syntaxaes_new(config)
DescriptionCreates an Advanced Encryption Standard (AES) object for use in subsequent encryption and decryption operations.
Parametersconfig: a dictionary with the following fields:

`config` fields

FieldTypeRequiredDescription
keyStringYesThe encryption key.
saltStringNoThe salt value.
cipher_lenIntegerYesThe key length. Valid values: 128, 192, 256.
cipher_modeStringYesThe cipher mode. Valid values: ecb, cbc, ctr, cfb, ofb.
ivStringNoThe initialization vector (IV).

Return value

Returns an AES object (dictionary type) on success. Returns false on failure.

Example

The following example creates AES objects in three modes and verifies that encryption and decryption produce the original plaintext.

aes_conf = []
plaintext = ''
if and($http_mode, eq($http_mode, 'ecb-128')) {
  set(aes_conf, 'key', 'ab8bfd9f-a1af-4ba2-bbb0-1ee520e3d8bc')
  set(aes_conf, 'salt', '1234567890')
  set(aes_conf, 'cipher_len', 128)
  set(aes_conf, 'cipher_mode', 'ecb')
  plaintext = 'hello aes ecb-128'
}
if and($http_mode, eq($http_mode, 'cbc-256')) {
  set(aes_conf, 'key', '146ebcc8-392b-4b3a-a720-e7356f62')
  set(aes_conf, 'cipher_len', 256)
  set(aes_conf, 'cipher_mode', 'cbc')
  set(aes_conf, 'iv', '0123456789abcdef')
  plaintext = 'hello aes cbc-256'
}
if and($http_mode, eq($http_mode, 'ofb-256')) {
  set(aes_conf, 'key', '146ebcc8-392b-4b3a-a720-e7356f62')
  set(aes_conf, 'cipher_len', 256)
  set(aes_conf, 'cipher_mode', 'ofb')
  set(aes_conf, 'iv', tochar(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0))
  plaintext = 'hello aes ofb-256'
}

aes_obj = aes_new(aes_conf)
if not(aes_obj) {
  say(concat('aes obj failed'))
  exit(400)
}

ciphertext = aes_enc(aes_obj, plaintext)
plaintext_reverse = aes_dec(aes_obj, ciphertext)

say(concat('plain: ', plaintext))
say(concat('cipher: ', tohex(ciphertext)))
say(concat('plain_reverse: ', plaintext_reverse))

if ne(plaintext, plaintext_reverse) {
  say('plaintext ~= plaintext_reverse')
  exit(400)
}

aes_enc

ItemDescription
Syntaxaes_enc(o, s)
DescriptionEncrypts data using the AES encryption algorithm.
Parameterso: the AES object returned by aes_new. s: the plaintext to encrypt.
Return valueThe encrypted ciphertext (binary).

Example

See the aes_new example for a complete encryption and decryption workflow.

aes_dec

ItemDescription
Syntaxaes_dec(o, s)
DescriptionDecrypts data using the AES encryption algorithm.
Parameterso: the AES object returned by aes_new. s: the ciphertext to decrypt.
Return valueThe decrypted plaintext (binary).

Example

See the aes_new example for a complete encryption and decryption workflow.

sha1

ItemDescription
Syntaxsha1(s)
DescriptionCalculates an SHA-1 digest.
Parameterss: the input string.
Return valueThe SHA-1 digest in binary format. Use tohex() to convert to hex.

Example

digest = sha1('hello sha')
say(concat('sha1:', tohex(digest)))

Output:

sha1:853789bc783a6b573858b6cc9f913afe82962956

sha2

ItemDescription
Syntaxsha2(s, l)
DescriptionCalculates an SHA-2 digest.
Parameterss: the input string. l: the digest length. Valid values: 224, 256, 384, 512.
Return valueThe SHA-2 digest in binary format. Use tohex() to convert to hex.

Example

digest = sha2('hello sha2', 224)
say(concat('sha2-224:', tohex(digest)))

digest = sha2('hello sha2', 256)
say(concat('sha2-256:', tohex(digest)))

digest = sha2('hello sha2', 384)
say(concat('sha2-384:', tohex(digest)))

digest = sha2('hello sha2', 512)
say(concat('sha2-512:', tohex(digest)))

Output:

sha2-224:b24b7effcf53ce815ee7eb73c7382613aba1c334e2a1622655362927
sha2-256:af0425cee23c236b326ed1f008c9c7c143a611859a11e87d66d0a4c3217c7792
sha2-384:bebbdde9efabd4b9cf90856cf30e0b024dd13177d9367d2dcf8d7a04e059f92260f16b21e261358c2271be32086ef35b
sha2-512:a1d1aef051c198c0d26bc03500c177a315fa248cea815e04fbb9a75e5be5061617daab311c5e3d0b215dbfd4e83e73f23081242b0143dcdfce5cd92ec51394f7

hmac

ItemDescription
Syntaxhmac(k, s, v)
DescriptionCalculates an HMAC digest.
Parametersk: the HMAC key. s: the input string. v: the hash algorithm. Valid values: md5, sha1, sha256, sha512.
Return valueThe HMAC digest in binary format, computed using the specified algorithm. Use tohex() to convert to hex.

Example

The following example computes HMAC digests using all supported algorithms and compares hmac(sha1) with hmac_sha1() to confirm they produce the same result.

k = '146ebcc8-392b-4b3a-a720-e7356f62f87b'
v = 'hello mac'
say(concat('hmac(md5): ', tohex(hmac(k, v, 'md5'))))
say(concat('hmac(sha1): ', tohex(hmac(k, v, 'sha1'))))
say(concat('hmac(sha256): ', tohex(hmac(k, v, 'sha256'))))
say(concat('hmac(sha512): ', tohex(hmac(k, v, 'sha512'))))
say(concat('hmac_sha1(): ', tohex(hmac_sha1(k, v))))

Output:

hmac(md5): 358cbfca8ad663b547c83748de2ea778
hmac(sha1): 5555633cef48c3413b68f9330e99357df1cc3d93
hmac(sha256): 7a494543cad3b92ce1e7c4bbc86a8f5212b53e4d661f7830f455847540a85771
hmac(sha512): 59d7c07996ff675b45bd5fd40a6122bb5f40f597357a9b4a9e29da6f5c7cb806798c016fe09cb46457b6df9717d26d0af19896f72eaf4296be03e3681fea59ad
hmac_sha1(): 5555633cef48c3413b68f9330e99357df1cc3d93

hmac_sha1

ItemDescription
Syntaxhmac_sha1(k, s)
DescriptionCalculates an HMAC-SHA-1 digest.
Parametersk: the HMAC-SHA-1 key. s: the input string.
Return valueThe HMAC-SHA-1 digest in binary format. Use tohex() to convert to hex.

Example

See the hmac example for a comparison of hmac_sha1() and hmac(k, s, 'sha1').

md5

ItemDescription
Syntaxmd5(s)
DescriptionCalculates an MD5 digest.
Parameterss: the input string.
Return valueThe MD5 digest in hexadecimal format.

Example

say(concat('md5: ', md5('hello md5')))

Output:

md5:741fc6b1878e208346359af502dd11c5

md5_bin

ItemDescription
Syntaxmd5_bin(s)
DescriptionCalculates an MD5 digest.
Parameterss: the input string.
Return valueThe MD5 digest in binary format. Use tohex() to convert to hex.

Example

say(concat('md5_bin: ', tohex(md5_bin('hello md5'))))

Output:

md5_bin: 741fc6b1878e208346359af502dd11c5