...

  • A secret is encrypted using the Certificate or Public Key of the receiver that is to decrypt the secret.
  • The encryption process takes the following steps:
    • Create a symmetric one-time key.
    • Encrypt the one-time key with the receiver's Public Key. If a Certificate is used, the Public Key is taken from the Certificate.
    • Create an initialization vector that includes changing values as a "salt", so that the same secret never encrypts to the same ciphertext twice and precomputation attacks such as rainbow tables are ineffective. The "salt" is not sensitive information; knowing it does not make any attack more efficient.
    • Encrypt the secret with the one-time key and initialization vector.
    • Drop the one-time key; only the receiver will be able to decrypt the encrypted one-time key later on.
  • The outcome of encryption that is forwarded to a receiver includes the following items:
    • encrypted one-time key,
    • initialization vector which includes the "salt",
    • encrypted secret.
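
As an added example that is not part of this page, the process above carried out with Go's standard library: RSA-OAEP protects the one-time key, AES-256-GCM protects the secret, and a fresh random nonce serves as the initialization vector. The function names Encrypt, Decrypt and newGCM are my own, and the code assumes Go 1.24 or newer, where crypto/rand.Read cannot return an error.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// newGCM wraps the one-time key as AES-256-GCM, the cipher that protects the secret itself.
func newGCM(oneTimeKey []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(oneTimeKey)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt is the sender side. It returns the three items forwarded to the receiver: the
// RSA-OAEP encrypted one-time key, the random IV (not secret) and the encrypted secret.
func Encrypt(receiverPub *rsa.PublicKey, secret []byte) (encKey, iv, ciphertext []byte, err error) {
	oneTimeKey := make([]byte, 32) // fresh AES-256 key, used for this message only
	rand.Read(oneTimeKey)          // crypto/rand.Read cannot fail since Go 1.24; it aborts instead
	if encKey, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, oneTimeKey, nil); err != nil {
		return
	}
	gcm, err := newGCM(oneTimeKey)
	if err != nil {
		return
	}
	iv = make([]byte, gcm.NonceSize()) // fresh random IV for every single encryption
	rand.Read(iv)
	// The plaintext one-time key is dropped after this; only encKey leaves the sender.
	return encKey, iv, gcm.Seal(nil, iv, secret, nil), nil
}

// Decrypt is the receiver side; gcm.Open fails if the IV or the ciphertext were altered in transit.
func Decrypt(receiverPriv *rsa.PrivateKey, encKey, iv, ciphertext []byte) ([]byte, error) {
	oneTimeKey, err := rsa.DecryptOAEP(sha256.New(), nil, receiverPriv, encKey, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(oneTimeKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, iv, ciphertext, nil)
}
```

When a certificate is used, receiverPub is the certificate's public key (for example cert.PublicKey.(*rsa.PublicKey) after parsing it with crypto/x509).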

...

Further Resources

...