Example 11: Policy-based RSA encryption with no padding operation

The PKEY_ENCRYPT_PEM_NO_PADDING() policy function performs RSA encryption without applying a padding operation first. It works just like the PKEY_ENCRYPT_PEM() function, except that it uses the RSA_NO_PADDING method instead of RSA_PKCS1_PADDING. The pkey parameter is a text string containing a PEM-encoded RSA public key. As with PKEY_ENCRYPT_PEM(), you can use a policy expression for the key.

You can implement the feature by using a rewrite policy. To do this, you must complete the following tasks:

  1. Add the RSA public key as a policy expression.
  2. Create a rewrite action.

Policy-based RSA encryption by using Citrix ADC command interface

Complete the following tasks to configure policy-based RSA encryption by using the Citrix ADC command interface.

To add an RSA public key as a policy expression for the no-padding operation by using the Citrix ADC command interface:

add expression rsa_pub_key_4096 '"-----BEGIN RSA PUBLIC KEY-----" + "MIICCgKCAgEArrwBldKd48xrpOSRPMrg+eNAO0ODU6t5b/WYQLdElqNv7WpefBrA" + "nwI2s619gEU1r4zoLqL7l5ALtt5Z+F0JBYfOzBzOky0GtEJ5iX5GP4QxT65J3nHH" + "4MTF3acmjvXxclmaKXEFlaVIzW7FTr3Luw/CnOjflAB403Q6F9VBVvQmOVYWnqoI" + "+0q1VIg6Q1pAcvdKBiOf85BBofE5EIbZ/1Jt0CdbsV568l+8ve7BnSUncFHoRR3O" + "/VfSsDuNWZf7n3RNMzxEuIA72UGPzNYFQzvcPOdzd0aN7jAXw0mgC/NSvKzGKHlo" + "mUYYBzlVQdDMZWnd6jSzsBRXSXxsNEy/RuXwplrA5epo7JdCoMkfeI4vUXm6MNr8" + "TQdFqIc1pdnOsbRf9ec62XbcfR7P8CDTsmLSaagx3rjenPdB+LTWKw2VUF+YONIg" + "jM3fyFef9ovVhLhS5HvMqFGs8P75W+d7BOIbIu3EngACiEJOpYSsETD4WgPK6Iyv" + "j6cxsLeYMtElTb0fBIIqysCHdmjF3M1lqdqp4dKs3+W798GJZYM5MxZKUzrBi0Xu" + "e7GtSh2aimsfQureUD+0z0RN2umeDsYcA1ghXMclDP+jLS1lnrv0Yvo+TKcm9b8G" + "uR/drbCrCsGyWFW+bsAu3AWz9S6TePurP5unRmNNvXpH5DRgsYl3d50CAwEAAQ==" + "-----END RSA PUBLIC KEY-----"'

To add a rewrite action that uses the no-padding policy expression by using the Citrix ADC command interface:

add rewrite action rsa_encrypt_act insert_http_header encrypted 'HTTP.REQ.HEADER("plaintext").PKEY_ENCRYPT_PEM_NO_PADDING(rsa_pub_key_4096)'

Policy-based RSA encryption with no padding option by using the GUI

The GUI enables you to complete the following tasks:

To add an RSA public key for the no-padding operation as a policy expression by using the GUI:

  1. Sign in to the Citrix ADC appliance and navigate to Configurations > AppExpert > Advanced Expressions.
  2. In the details pane, click Add to define an RSA public key as an advanced policy expression.
  3. On the Create Expression page, set the following parameters:
    1. Expression name. Name of the advanced expression.
    2. Expression. Define the RSA public key as an advanced expression by using the Expression Editor. Note: The maximum string length in a policy expression is 255 characters. For any key longer than 1024 bits, you have to break the key into smaller chunks and concatenate the chunks together as “chunk1” + “chunk2” + …
    3. Comments. A brief description of the expression.
  4. Click Create.
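
The 255-character string limit noted above, together with the quoted, `+`-joined form used in the command-line example, can be generated and checked with a short script before the expression is pasted into the appliance. This is an added example, not Citrix code; the function names, the `rsa_pub_key_demo` expression name and the sample key body are constructed for illustration.

```python
import base64
import re

MAX_LITERAL = 255  # per-string limit stated in the note on the Expression field
HEADER = "-----BEGIN RSA PUBLIC KEY-----"
FOOTER = "-----END RSA PUBLIC KEY-----"


def pem_to_literals(pem: str, chunk: int = 64) -> list[str]:
    """Split a PEM RSA public key into strings of at most `chunk` characters."""
    if not 1 <= chunk <= MAX_LITERAL:
        raise ValueError(f"chunk must be between 1 and {MAX_LITERAL}")
    lines = [ln.strip() for ln in pem.strip().splitlines() if ln.strip()]
    if len(lines) < 3 or lines[0] != HEADER or lines[-1] != FOOTER:
        raise ValueError("expected an RSA PUBLIC KEY PEM block")
    body = "".join(lines[1:-1])
    base64.b64decode(body, validate=True)  # raises ValueError if not valid base64
    return [HEADER, *(body[i:i + chunk] for i in range(0, len(body), chunk)), FOOTER]


def build_add_expression(name: str, pem: str, chunk: int = 64) -> str:
    """Return an `add expression` command in the quoted, '+'-joined form."""
    # Conservative name check chosen for this example, not the appliance's rule.
    if not re.fullmatch(r"[A-Za-z_][A-Za-z0-9_]*", name):
        raise ValueError("unexpected expression name")
    quoted = " + ".join(f'"{s}"' for s in pem_to_literals(pem, chunk))
    return f"add expression {name} '{quoted}'"


def reassemble(command: str) -> str:
    """Concatenate the quoted literals of a command, to compare against the key."""
    return "".join(re.findall(r'"([^"]*)"', command))


# Constructed sample: base64 of arbitrary bytes with PEM framing, not a real key.
SAMPLE_BODY = base64.b64encode(bytes(range(256)) * 2).decode()
SAMPLE_PEM = "\n".join(
    [HEADER, *(SAMPLE_BODY[i:i + 64] for i in range(0, len(SAMPLE_BODY), 64)), FOOTER]
)

if __name__ == "__main__":
    cmd = build_add_expression("rsa_pub_key_demo", SAMPLE_PEM, chunk=200)
    assert reassemble(cmd) == HEADER + SAMPLE_BODY + FOOTER
    print(cmd)
```

Comparing the output of `reassemble()` with the original key material catches a dropped or duplicated chunk before the expression is bound to a rewrite action.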

To add a rewrite action by using the GUI:

  1. Sign in to the Citrix ADC appliance and navigate to Configurations > AppExpert > Rewrite > Actions.
  2. In the details pane, click Add to add a rewrite action.
  3. In the Create Rewrite Action screen, set the following parameters:
    1. Name. Name of the rewrite action.
    2. Type. Select action type as INSERT_HTTP_HEADER.
    3. Use the action type to insert a header. Enter the name of the HTTP header that needs to be rewritten.
    4. Expression. Name of the advanced policy expression associated with the action.
    5. Comments. A brief description of the rewrite action.
  4. Click Create.
