Ever wonder how to decrypt data that gets passed between clients and your origin servers? With Fastly Compute it is a piece of cake. The following fiddle is a quick example of how to do asymmetric decryption.
We have a few interesting characters in this code:
DEMO_RSA_KEY: An insecure RSA private key that’s only in the script for demonstration.
main function: Extracts a special header called X-Base64-Cipher.
decrypt_base64_encoded_value: This function does the following:
- Base64‑decodes the ciphertext from a string into raw bytes.
- Loads the RSA private key.
- Decrypts the ciphertext using PKCS#1.
- Returns the original human‑readable plaintext.
With RSA, you typically encrypt using a public key and decrypt using the private key. In this code, we assume someone has already used the public key to encrypt a message (turning hello_world_from_alice into cipher bytes). This code then decrypts the ciphertext, turning gibberish back into the original message.
Try it out yourself. Use the following openssl commands to generate a private key and a public key, then encrypt a test string with the public key.
# Make the private key
openssl genrsa -out private_key.pem 2048
# Make the public key
openssl rsa -in private_key.pem -pubout -out public_key.pem
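# Encrypt the string to use in the header
# (GNU base64 wraps its output at 76 columns, so strip the newlines
# to keep the header value on a single line)
echo -n "hello_world_from_alice" | \
openssl pkeyutl -encrypt -pubin -inkey public_key.pem -pkeyopt rsa_padding_mode:pkcs1 | \
base64 | tr -d '\n'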
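
Before sending the value to the service, you can check it locally by running the same steps listed for decrypt_base64_encoded_value (Base64-decode, load the private key, decrypt with PKCS#1) using the openssl CLI. This is an added example, not the fiddle's code; the function names are hypothetical, and it generates its own throwaway key pair in a temporary directory.

```shell
#!/bin/sh
# Added example (not the fiddle's code): local round trip of the header value.
# Function names are hypothetical; requires the openssl CLI.
set -eu

# Encrypt $1 with the public key in file $2 and print single-line Base64,
# ready to be sent as the X-Base64-Cipher header value.
encrypt_for_header() {
    printf '%s' "$1" |
        openssl pkeyutl -encrypt -pubin -inkey "$2" \
            -pkeyopt rsa_padding_mode:pkcs1 |
        openssl base64 -A
}

# The same steps the page lists for decrypt_base64_encoded_value:
# Base64-decode $1, load the private key in file $2, decrypt with PKCS#1.
decrypt_header_value() {
    printf '%s' "$1" |
        openssl base64 -d -A |
        openssl pkeyutl -decrypt -inkey "$2" \
            -pkeyopt rsa_padding_mode:pkcs1
}

# Generate a throwaway 2048-bit key pair, push message $1 through both
# functions, and print the recovered plaintext.
round_trip() {
    dir=$(mktemp -d)
    openssl genrsa -out "$dir/private_key.pem" 2048 2>/dev/null
    openssl rsa -in "$dir/private_key.pem" -pubout \
        -out "$dir/public_key.pem" 2>/dev/null
    cipher=$(encrypt_for_header "$1" "$dir/public_key.pem")
    decrypt_header_value "$cipher" "$dir/private_key.pem"
    rm -rf "$dir"
}

# Constructed sample input: the message used on the page.
round_trip "hello_world_from_alice"
echo
```

The padding mode must match on both sides: the commands on this page use rsa_padding_mode:pkcs1 (PKCS#1 v1.5), and openssl pkeyutl also accepts rsa_padding_mode:oaep if the decrypting code is changed to match.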