...
- Download: JS7 - Download
- The solution is available for Linux, MacOS®, AIX® using bash, zsh, dash shell, see JS7 - How to encrypt and decrypt Variables using Unix Shell
- The solution is available for Windows® Shell.
Managing the private/public Key Pair
Asymmetric encryption makes use of a private/public key pair that can be created in a number of ways:
- If SSL certificates are in use to secure HTTPS connections to an Agent, see JS7 - Agent HTTPS Connections, then the related private key and certificate can be used for encryption/decryption too.
- Users can create a Certificate Signing Request (CSR) and ask their Certificate Authority (CA) to sign it and return an X.509 certificate. The public key can be derived from the X.509 certificate.
- Users can create a self-signed X.509 certificate, see JS7 - How to create self-signed Certificates.
- Users can create a private/public key pair as explained in subsequent chapters.
Step 1: Create a private/public key pair
The following step is performed from the command line on the server hosting the Agent that should decrypt variables, using the openssl utility:

```powershell
# navigate to the Agent's <agent-data>/config/private directory
Set-Location $env:ProgramData/sos-berlin.com/js7/agent/config/private
# cd %ProgramData%/sos-berlin.com/js7/agent/config/private
# create the private key and certificate files in pkcs#1 format using "jobscheduler" as a passphrase
openssl req -x509 -sha256 -newkey rsa:2048 -passout pass:"jobscheduler" -keyout my.key -out my.crt
# extract my.pub public key file from my.crt certificate file
# -out writes the PEM file directly; redirecting with ">" in Windows PowerShell would re-encode it as UTF-16
openssl x509 -pubkey -noout -in my.crt -out my.pub
```
Step 2: Make public key available
Copy the public key file to the server(s) hosting the Agent(s) that should encrypt variables:
```powershell
# navigate to the Agent's <agent-data>/config directory
Set-Location $env:ProgramData/sos-berlin.com/js7/agent/config
# cd %ProgramData%/sos-berlin.com/js7/agent/config
# copy the agent.pub public key file to the current location using a file transfer tool or your clipboard
```
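A check that the public key copied in Step 2 still belongs to the private key created in Step 1, given as an added example that is not part of the original page. It assumes `openssl` is on the PATH; the function name `Get-PublicKeyFingerprint` and its parameters are hypothetical, and the file names are the ones used in the steps above.

```powershell
# Added example: the function and parameter names are hypothetical, not part of JS7.
function Get-PublicKeyFingerprint {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [ValidateSet('PublicKey', 'PrivateKey')] [string] $Kind = 'PublicKey'
    )
    $full = (Resolve-Path -LiteralPath $Path).Path

    # A PEM file must be ASCII text. Windows PowerShell 5.1 writes UTF-16 when
    # output is redirected with ">", which openssl cannot parse.
    $bytes = [System.IO.File]::ReadAllBytes($full)
    if ($bytes.Length -ge 2 -and $bytes[0] -eq 0xFF -and $bytes[1] -eq 0xFE) {
        throw "$full is UTF-16 encoded; recreate it with openssl's -out option"
    }

    # Re-encode the public part as DER so that line endings and whitespace
    # changed by a clipboard or file transfer do not affect the hash.
    $der = [System.IO.Path]::GetTempFileName()
    try {
        if ($Kind -eq 'PrivateKey') {
            # openssl prompts for the passphrase of the private key
            & openssl pkey -in $full -pubout -outform DER -out $der
        } else {
            & openssl pkey -pubin -in $full -outform DER -out $der
        }
        if ($LASTEXITCODE -ne 0) { throw "openssl could not read $full as $Kind" }
        (Get-FileHash -LiteralPath $der -Algorithm SHA256).Hash
    } finally {
        Remove-Item -LiteralPath $der -ErrorAction SilentlyContinue
    }
}

# On the server hosting the decrypting Agent, in config/private:
$fromKey = Get-PublicKeyFingerprint -Path .\my.key -Kind PrivateKey
$fromPub = Get-PublicKeyFingerprint -Path .\my.pub
if ($fromKey -ne $fromPub) { throw 'my.pub does not belong to my.key' }
$fromPub   # compare with the value printed on the encrypting server

# On each server hosting an encrypting Agent, in config:
Get-PublicKeyFingerprint -Path .\agent.pub
```

The two fingerprints should be compared over a channel other than the one used to copy the key file.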
Encryption
Usage
Invoking the script without arguments displays the usage clause:
...