call .\bin\js7_encrypt.cmd "--cert=agent.crt" "--in=secret"

for /f "tokens=1-3" %%i in ("@echo %JS7_ENCRYPT_VALUE%") do (
  set encrypted_symmetric_key=%%i
  set encrypted_base64_iv=%%j
  set encrypted_string=%%k
)

@rem encrypts the given secret using an Agent's X.509 certificate
@rem consider that for Windows Shell all arguments have to be quoted
@rem output is provided from an environment variable that includes the symmetric key, initialization vector and encrypted string separated by space that are passed to environment variables

echo secret file > %TEMP%\secret.txt
call .\bin\js7_encrypt.cmd "--cert=agent.crt" "--infile=%TEMP%\secret.txt" "--outfile=%TEMP%\secret.txt.encrypted"

for /f "tokens=1-3" %%i in ("@echo %JS7_ENCRYPT_VALUE%") do (
  set encrypted_symmetric_key=%%i
  set encrypted_base64_iv=%%j
  set encrypted_file=%%k
)

@rem encrypts the given file using an Agent's X.509 certificate
@rem consider that for Windows Shell all arguments have to be quoted
@rem output is available from the JS7_ENCRYPT_VALUE environment variable
@rem output includes the symmetric key, initialization vector and encrypted file separated by space that are passed to environment variables

@call@rem call .\bin\js7_encrypt.cmd "--cert=agent.crt" "--in=secret"

for /f "tokens=1-3" %%i in ("%JS7_ENCRYPT_VALUE%") do (
    set encrypted_symmetric_key=%%i
    set encrypted_base64_iv=%%j
    set encrypted_string=%%k
)
 
call .\bin\js7_decrypt.cmd ^
    "--key=agent.key" ^
    "--key-iv=%encrypted_base64_iv%" password=jobscheduler" ^
    "--encrypted-key=%encrypted_symmetric_key%" ^
    "--iv=%encrypted_base64_iv%" ^
    "--in=%encrypted_string%"
@echo %JS7_DECRYPT_VALUE%

@rem decrypts the encrypted secret using an Agent's private key and passphrase
@rem consider that for Windows Shell all arguments have to be quoted
@rem the JS7_DECRYPT_VALUE environment variable is automatically created and holds the decrypted secret

@call@rem call .\bin\js7_encrypt.cmd "--cert=agent.crt" "--infile=%TEMP%\secret.txt" "--outfile=%TEMP%\secret.txt.encrypted"

for /f "tokens=1-3" %%i in ("%JS7_ENCRYPT_VALUE%") do (
    set encrypted_symmetric_key=%%i
    set encrypted_base64_iv=%%j
    set encrypted_file=%%k
)

call .\bin\js7_decrypt.cmd ^
    "--key=agent.key" ^
    "--iv=%encrypted_base64_iv%" key-password=jobscheduler" ^ 
    "--encrypted-key=%encrypted_symmetric_key%" ^
    "--iv=%encrypted_base64_iv%" ^
    "--infile=%encrypted_file%" ^
    "--outfile=%TEMP%\secret.txt.decrypted"
@echo %JS7_DECRYPT_FILE%type %TEMP%\secret.txt.decrypted

@rem decrypts the given encrypted file using an Agent's private key and passphrase
@rem consider that for Windows Shell all arguments have to be quoted
@rem output includes the path to the decrypted file that is provided from the JS7_DECRYPT_FILE environment variable