Hey Willy,
On 3/22/2019 5:38 PM, Willy Tarreau wrote:
Hi Nenad,
On Fri, Mar 22, 2019 at 12:02:24PM +0100, Nenad Merdanovic wrote:
The converter can be used to decrypt the raw byte input using the
AES-GCM algorithm, using provided nonce, key and AEAD tag. This can
be useful to decrypt encrypted cookies for example and make decisions
based on the content.
Do you think it would be easy enough to have the equivalent encrypt
version ? :-) I suspect it's mostly a matter of using the Encrypt
variant of the EVP functions, but I could really be wrong. This
could even allow to encrypt cookies in response and decrypt them
back for example.
Yes, that's the plan. It's a tiny bit more complex as I still need to
think about how best to "return" two values. Current idea is to have the
converter output the ciphertext and then as a last argument I will pass
the variable name in which the AEAD tag will be stored by the converter.
The patch looks good as-is, I'm applying it right now.
Thank you,
Willy
Not so good it seems :) I will send a fix in a few minutes.
Regards,
Nenad
