Does anyone know how the ASM Cookie Protection Configuration file is structured?
Hi. Does anyone know how the ASM Cookie Protection Configuration file is structured? This is the file you get when you navigate (in v11.5.3) to Security -> Options -> Application Security -> Advanced Configuration -> Cookie Protection on the GUI, and then click the "export" button. According to the GUI Help menu, the export button does this:
Click the Export button to save the cookie protection configuration file, that contains the algorithm and key, from this system on a remote system or some other location.
The file generated appears to be base 64 encoded, but when I decode it it looks like gibberish. I would expect the key part to be gibberish, but I thought part of the file at least might be intelligible, or delimited in some way so that I could tell the difference between the key part and the algorithm part. Does anyone know which part is the key and which part is the algorithm? My goal in asking is that I've had ASM cookie problems in the past, and when I stumbled across this today I thought it would be really cool to extract the algorithm and key so that I could decrypt the cookie in future troubleshooting sessions and see what is inside it and what caused things to break. Plus I'm just really curious and want to know more about how cookie protection works in general (deeper than just saying hey, looks like there's a "ts_" cookie in this fiddler capture!).