...

Jobs might require variables for parameterization that hold secrets. There are a number of requirements for the management of such variables, see JS7 - How to encrypt and decrypt Variables.

The preferred solution with JS7 is to use asymmetric keys, for details see JS7 - Encryption and Decryption.

...

Example how to create ECDSA private key and certificate

```bash
# navigate to the Agent's <agent-data>/config/private directory
cd /var/sos-berlin.com/js7/agent/config/private

# create the private key in pkcs#1 format
#   without passphrase
openssl ecparam -name secp256k1 -genkey -noout -out agent.key
#   with passphrase
#   (pass:"..." exposes the passphrase in the process list and shell history;
#    openssl also accepts file:<path> or env:<variable> as the passphrase source)
# openssl ecparam -genkey -name secp256k1 | openssl ec -aes256 -passout pass:"jobscheduler" -out agent.key

# create certificate
openssl req -new -x509 -key agent.key -out agent.crt -days 1825
# openssl req -new -x509 -key agent.key -passin pass:"jobscheduler" -out agent.crt -days 1825

# extract public key from private key (not required)
# openssl ec -in agent.key -pubout > agent.pub
# openssl ec -in agent.key -passin pass:"jobscheduler" -pubout > agent.pub
```
Example how to create RSA private key and certificate

```bash
# navigate to the Agent's <agent-data>/config/private directory
cd /var/sos-berlin.com/js7/agent/config/private

# create the private key in pkcs#1 format
#   without passphrase (-nodes leaves the key unencrypted; without it openssl prompts for a passphrase)
openssl req -x509 -sha256 -newkey rsa:2048 -nodes -keyout agent.key -out agent.crt
#   with passphrase
# openssl req -x509 -sha256 -newkey rsa:2048 -passout pass:"jobscheduler" -keyout agent.key -out agent.crt

# extract public key from certificate (not required)
# openssl x509 -pubkey -noout -in agent.crt > agent.pub
```
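
A check worth running after either key-creation example above: confirm that agent.crt carries the public key of agent.key and that the key file is not accessible to group or others. This is an added example, not JS7 code; the function names and the throwaway sample generator are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not JS7 code): check a key/certificate pair such as agent.key / agent.crt.
# Function names are hypothetical; file names follow the examples above.

# Public key (PEM) derived from a private key; works for RSA and EC keys.
# $2 is an optional openssl pass phrase source, e.g. file:/path/to/passfile or env:VAR.
key_pub() { openssl pkey -in "$1" ${2:+-passin "$2"} -pubout 2>/dev/null; }

# Public key (PEM) embedded in a certificate.
cert_pub() { openssl x509 -in "$1" -pubkey -noout 2>/dev/null; }

# 0 = certificate belongs to key, 1 = mismatch, 2 = a file could not be read or parsed.
# Arguments: key file, certificate file, optional pass phrase source for the key.
key_matches_cert() {
  local k c
  k=$(key_pub "$1" "${3:-}") || return 2
  c=$(cert_pub "$2") || return 2
  [ -n "$k" ] && [ "$k" = "$c" ]
}

# 0 only if the key is a regular file with no permission bits for group or others.
key_is_private() {
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample data: throwaway RSA key and certificate plus an unrelated key in directory $1.
make_sample() {
  openssl req -x509 -sha256 -newkey rsa:2048 -nodes -subj "/CN=constructed-sample" \
    -keyout "$1/agent.key" -out "$1/agent.crt" -days 1 2>/dev/null &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$1/other.key" 2>/dev/null &&
  chmod 600 "$1/agent.key" && chmod 644 "$1/other.key"
}

# Usage in the Agent's config/private directory:
#   key_matches_cert agent.key agent.crt && key_is_private agent.key
```

Comparing the two PEM public keys avoids relying on key-type-specific fields, so the same check covers the ECDSA and the RSA variant.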

...

Example for Decryption using PowerShell

```powershell
# assumes that previous encryption created a "result" variable and encrypted output file
# $result = Invoke-JS7Encrypt -File /tmp/secret.txt -OutFile /tmp/secret.txt.enc -CertificatePath agent.crt -JavaLib /js7/js7.encryption/lib

Invoke-JS7Decrypt -Value $result -File /tmp/secret.txt.enc -OutFile /tmp/secret.txt.dec -KeyPath agent.key -JavaLib /js7/js7.encryption/lib
Get-Content /tmp/secret.txt.dec -Raw

# decrypts the given encrypted file using an Agent's private key
# creates the decrypted output file
```

Further Resources

...