ALB edge scripts include built-in cipher functions for hashing, message authentication, and symmetric encryption. All digest functions return binary output — use tohex() to convert to a hex string.
The following functions are available: aes_new | aes_enc | aes_dec | sha1 | sha2 | hmac | hmac_sha1 | md5 | md5_bin
Quick reference
| Function | Operation | Output format |
|---|---|---|
aes_new | Create AES object | AES object (dictionary) |
aes_enc | AES encryption | Binary ciphertext |
aes_dec | AES decryption | Binary plaintext |
sha1 | SHA-1 digest | Binary |
sha2 | SHA-2 digest (224/256/384/512) | Binary |
hmac | HMAC digest (MD5/SHA-1/SHA-256/SHA-512) | Binary |
hmac_sha1 | HMAC-SHA-1 digest | Binary |
md5 | MD5 digest | Hexadecimal |
md5_bin | MD5 digest | Binary |
To use AES encryption or decryption, first callaes_new()to create an AES object, then pass the object toaes_enc()oraes_dec().
aes_new
| Item | Description |
|---|---|
| Syntax | aes_new(config) |
| Description | Creates an Advanced Encryption Standard (AES) object for use in subsequent encryption and decryption operations. |
| Parameters | config: a dictionary with the following fields: |
`config` fields
| Field | Type | Required | Description |
|---|---|---|---|
key | String | Yes | The encryption key. |
salt | String | No | The salt value. |
cipher_len | Integer | Yes | The key length. Valid values: 128, 192, 256. |
cipher_mode | String | Yes | The cipher mode. Valid values: ecb, cbc, ctr, cfb, ofb. |
iv | String | No | The initialization vector (IV). |
Return value
Returns an AES object (dictionary type) on success. Returns false on failure.
Example
The following example creates AES objects in three modes and verifies that encryption and decryption produce the original plaintext.
aes_conf = []
plaintext = ''
if and($http_mode, eq($http_mode, 'ecb-128')) {
set(aes_conf, 'key', 'ab8bfd9f-a1af-4ba2-bbb0-1ee520e3d8bc')
set(aes_conf, 'salt', '1234567890')
set(aes_conf, 'cipher_len', 128)
set(aes_conf, 'cipher_mode', 'ecb')
plaintext = 'hello aes ecb-128'
}
if and($http_mode, eq($http_mode, 'cbc-256')) {
set(aes_conf, 'key', '146ebcc8-392b-4b3a-a720-e7356f62')
set(aes_conf, 'cipher_len', 256)
set(aes_conf, 'cipher_mode', 'cbc')
set(aes_conf, 'iv', '0123456789abcdef')
plaintext = 'hello aes cbc-256'
}
if and($http_mode, eq($http_mode, 'ofb-256')) {
set(aes_conf, 'key', '146ebcc8-392b-4b3a-a720-e7356f62')
set(aes_conf, 'cipher_len', 256)
set(aes_conf, 'cipher_mode', 'ofb')
set(aes_conf, 'iv', tochar(0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0))
plaintext = 'hello aes ofb-256'
}
aes_obj = aes_new(aes_conf)
if not(aes_obj) {
say(concat('aes obj failed'))
exit(400)
}
ciphertext = aes_enc(aes_obj, plaintext)
plaintext_reverse = aes_dec(aes_obj, ciphertext)
say(concat('plain: ', plaintext))
say(concat('cipher: ', tohex(ciphertext)))
say(concat('plain_reverse: ', plaintext_reverse))
if ne(plaintext, plaintext_reverse) {
say('plaintext ~= plaintext_reverse')
exit(400)
}aes_enc
| Item | Description |
|---|---|
| Syntax | aes_enc(o, s) |
| Description | Encrypts data using the AES encryption algorithm. |
| Parameters | o: the AES object returned by aes_new. s: the plaintext to encrypt. |
| Return value | The encrypted ciphertext (binary). |
Example
See the aes_new example for a complete encryption and decryption workflow.
aes_dec
| Item | Description |
|---|---|
| Syntax | aes_dec(o, s) |
| Description | Decrypts data using the AES encryption algorithm. |
| Parameters | o: the AES object returned by aes_new. s: the ciphertext to decrypt. |
| Return value | The decrypted plaintext (binary). |
Example
See the aes_new example for a complete encryption and decryption workflow.
sha1
| Item | Description |
|---|---|
| Syntax | sha1(s) |
| Description | Calculates an SHA-1 digest. |
| Parameters | s: the input string. |
| Return value | The SHA-1 digest in binary format. Use tohex() to convert to hex. |
Example
digest = sha1('hello sha')
say(concat('sha1:', tohex(digest)))Output:
sha1:853789bc783a6b573858b6cc9f913afe82962956sha2
| Item | Description |
|---|---|
| Syntax | sha2(s, l) |
| Description | Calculates an SHA-2 digest. |
| Parameters | s: the input string. l: the digest length. Valid values: 224, 256, 384, 512. |
| Return value | The SHA-2 digest in binary format. Use tohex() to convert to hex. |
Example
digest = sha2('hello sha2', 224)
say(concat('sha2-224:', tohex(digest)))
digest = sha2('hello sha2', 256)
say(concat('sha2-256:', tohex(digest)))
digest = sha2('hello sha2', 384)
say(concat('sha2-384:', tohex(digest)))
digest = sha2('hello sha2', 512)
say(concat('sha2-512:', tohex(digest)))Output:
sha2-224:b24b7effcf53ce815ee7eb73c7382613aba1c334e2a1622655362927
sha2-256:af0425cee23c236b326ed1f008c9c7c143a611859a11e87d66d0a4c3217c7792
sha2-384:bebbdde9efabd4b9cf90856cf30e0b024dd13177d9367d2dcf8d7a04e059f92260f16b21e261358c2271be32086ef35b
sha2-512:a1d1aef051c198c0d26bc03500c177a315fa248cea815e04fbb9a75e5be5061617daab311c5e3d0b215dbfd4e83e73f23081242b0143dcdfce5cd92ec51394f7hmac
| Item | Description |
|---|---|
| Syntax | hmac(k, s, v) |
| Description | Calculates an HMAC digest. |
| Parameters | k: the HMAC key. s: the input string. v: the hash algorithm. Valid values: md5, sha1, sha256, sha512. |
| Return value | The HMAC digest in binary format, computed using the specified algorithm. Use tohex() to convert to hex. |
Example
The following example computes HMAC digests using all supported algorithms and compares hmac(sha1) with hmac_sha1() to confirm they produce the same result.
k = '146ebcc8-392b-4b3a-a720-e7356f62f87b'
v = 'hello mac'
say(concat('hmac(md5): ', tohex(hmac(k, v, 'md5'))))
say(concat('hmac(sha1): ', tohex(hmac(k, v, 'sha1'))))
say(concat('hmac(sha256): ', tohex(hmac(k, v, 'sha256'))))
say(concat('hmac(sha512): ', tohex(hmac(k, v, 'sha512'))))
say(concat('hmac_sha1(): ', tohex(hmac_sha1(k, v))))Output:
hmac(md5): 358cbfca8ad663b547c83748de2ea778
hmac(sha1): 5555633cef48c3413b68f9330e99357df1cc3d93
hmac(sha256): 7a494543cad3b92ce1e7c4bbc86a8f5212b53e4d661f7830f455847540a85771
hmac(sha512): 59d7c07996ff675b45bd5fd40a6122bb5f40f597357a9b4a9e29da6f5c7cb806798c016fe09cb46457b6df9717d26d0af19896f72eaf4296be03e3681fea59ad
hmac_sha1(): 5555633cef48c3413b68f9330e99357df1cc3d93hmac_sha1
| Item | Description |
|---|---|
| Syntax | hmac_sha1(k, s) |
| Description | Calculates an HMAC-SHA-1 digest. |
| Parameters | k: the HMAC-SHA-1 key. s: the input string. |
| Return value | The HMAC-SHA-1 digest in binary format. Use tohex() to convert to hex. |
Example
See the hmac example for a comparison of hmac_sha1() and hmac(k, s, 'sha1').
md5
| Item | Description |
|---|---|
| Syntax | md5(s) |
| Description | Calculates an MD5 digest. |
| Parameters | s: the input string. |
| Return value | The MD5 digest in hexadecimal format. |
Example
say(concat('md5: ', md5('hello md5')))Output:
md5:741fc6b1878e208346359af502dd11c5md5_bin
| Item | Description |
|---|---|
| Syntax | md5_bin(s) |
| Description | Calculates an MD5 digest. |
| Parameters | s: the input string. |
| Return value | The MD5 digest in binary format. Use tohex() to convert to hex. |
Example
say(concat('md5_bin: ', tohex(md5_bin('hello md5'))))Output:
md5_bin: 741fc6b1878e208346359af502dd11c5