...

  • Users can create a Certificate Signing Request (CSR) and ask their Certificate Authority (CA) to sign the CSR in order to receive an X.509 Certificate. The Public Key can be derived from the X.509 Private Key or Certificate.
  • Users can create a self-signed X.509 Certificate, see JS7 - How to create self-signed Certificates.
  • Users can create a Private Key and Certificate as explained in the next chapter.

...

The following step is performed on the server hosting the Agent that should decrypt secrets. The example makes use of the openssl command line utility that can be installed for Windows. There are alternative ways to create Private Keys and Certificates.

Example how to create ECDSA private key and certificate:
# navigate to the Agent's <agent-data>/config/private directory
cd /var/sos-berlin.com/js7/agent/config/private

# create the private key in pkcs#1 format 
#   without passphrase
# openssl ecparam -name secp256k1 -genkey -noout -out agent.key
#   with passphrase
openssl ecparam -genkey -name secp256k1 | openssl ec -aes256 -passout pass:"jobscheduler" -out agent.key

# create certificate
openssl req -new -x509 -key agent.key -passin pass:"jobscheduler" -out agent.crt -days 1825

# extract public key from private key (not required)
# openssl ec -in agent.key -passin pass:"jobscheduler" -pubout > agent.pub

...

  • --cert
    • Specifies the path to a file that holds the CA signed or self-signed X.509 Certificate. Alternatively the path to a file holding the Public Key can be specified.
  • --in
    • Specifies the input value that should be encrypted, typically a secret.
    • One of the options --in or --infile has to be specified.
  • --infile
    • Specifies the path to the input file that should be encrypted.
    • One of the options --in or --infile has to be specified.
    • This option requires use of the --outfile option.
  • --outfile
    • Specifies the path to the output file that will be created holding the encrypted content of the input file.
    • The option is required if the --infile option is specified.

...

  • --key
    • Specifies the path to the Private Key file that matches the X.509 Certificate or Public Key used for previous encryption.
    • The argument is required.
  • --key-password
    • Specifies the password if the Private Key file indicated with the --key option is protected by a password.
  • --iv
    • Specifies the base64 encoded initialization vector as returned during encryption.
    • The argument is required.
  • --encrypted-key
    • Specifies the base64 encoded, encrypted symmetric key as returned during encryption.
    • The argument is required.
  • --in
    • Specifies the encrypted value that should be decrypted.
    • One of the options --in or --infile has to be specified.
  • --infile
    • Specifies the path to an encrypted file that should be decrypted.
    • One of the options --in or --infile has to be specified.
    • This option requires use of the --outfile option.
  • --outfile
    • Specifies the path to the output file that will be created holding the decrypted content of the input file.
    • The option is required if the --infile option is specified.
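
Decryption only works if the file given with --key holds the Private Key that belongs to the Certificate or Public Key given with --cert during encryption. The following is an added example, not part of the JS7 documentation, that derives the Public Key from both files with openssl and compares them; the function names and the AGENT_KEY_PASS variable are assumptions chosen for illustration.

```bash
#!/bin/sh
# Added example: check that a Private Key matches the X.509 Certificate
# or Public Key file that is used for encryption.

# pubkey_of_private KEYFILE [PASS_SOURCE]
# Prints the PEM Public Key derived from a Private Key.
# PASS_SOURCE is an openssl pass phrase source such as env:AGENT_KEY_PASS
# (assumed variable name) or file:<path>. Unlike pass:<value> it keeps the
# passphrase out of the process argument list.
pubkey_of_private() {
    if [ -n "${2:-}" ]; then
        openssl pkey -in "$1" -passin "$2" -pubout 2>/dev/null
    else
        openssl pkey -in "$1" -pubout 2>/dev/null
    fi
}

# pubkey_of_public FILE
# Accepts either an X.509 Certificate or a bare Public Key in PEM format,
# the two kinds of file that can be used on the encrypting side.
pubkey_of_public() {
    if grep -q -e '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null; then
        openssl x509 -in "$1" -noout -pubkey 2>/dev/null
    else
        openssl pkey -pubin -in "$1" -pubout 2>/dev/null
    fi
}

# key_matches KEYFILE CERT_OR_PUBKEY [PASS_SOURCE]
# Returns 0 if both files hold the same key pair, 1 if they do not,
# and 2 if either file is missing, unreadable or cannot be parsed.
key_matches() {
    priv_pub=$(pubkey_of_private "$1" "${3:-}") || return 2
    other_pub=$(pubkey_of_public "$2") || return 2
    [ -n "$priv_pub" ] && [ -n "$other_pub" ] || return 2
    [ "$priv_pub" = "$other_pub" ]
}

# Usage with the files created earlier on this page:
#   export AGENT_KEY_PASS   # set to the passphrase of agent.key
#   key_matches agent.key agent.crt env:AGENT_KEY_PASS && echo "match"
```
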

...