Page History
...
- Encryption and decryption can be performed directly by related jobs.
- Encryption and decryption can be performed outside of JS7 products.
- This means that JS7 products have no knowledge of the secret keys involved, which could otherwise be compromised by logging, database persistence etc.
For creation of Encryption Keys see JS7 - How to create X.509 Encryption Keys.
...
The following step is performed on the server hosting the Agent that should decrypt secrets, using the openssl utility from the command line. Find more examples and explanations in JS7 - How to create X.509 Encryption Keys.
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
# navigate to the Agent's <agent-data>/\config/\private directory cd /var/Set-Location $env:Programdata\sos-berlin.com/\js7/\agent/\config/\private # create thePrivate privateKey # key infor pkcs#1use format #with passphrase add: without passphrase-passout pass:"secret" openssl ecparam -name secp256k1secp384r1 -genkey -noout -out agent.key # create Certificate withSigning passphraseRequest # openssl ecparamreq -genkeynew -name secp256k1 | openssl ecsha512 -aes256nodes -passout pass:"jobscheduler"key agent.key -out agent.keycsr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Agent" # create certificate openssl req -new -x509 -key agent.key -out agent.crt -days 1825 # openssl req -new -x509 -keyCertificate $user_crt_tmp_file = New-TemporaryFile "keyUsage=critical,keyAgreement,keyEncipherment" | Out-File $user_crt_tmp_file # for passphrase add: -passin pass:"secret" openssl x509 -req -sha512 -days 1825 -signkey agent.key -passin pass:"jobscheduler"in agent.csr -out agent.crt -days 1825extfile $user_crt_tmp_file Remove-Item -Path $user_crt_tmp_file -Force |
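Review bot: The new passphrase hint on the private key step says to add -passout pass:"secret" to the `openssl ecparam -name secp384r1 -genkey -noout -out agent.key` line, but as far as I know `ecparam` takes no `-passout` option; the removed variant encrypted the key by piping into `openssl ec -aes256 -passout ...`, and that form should be kept for the passphrase case. Separately, both the `-passout pass:"secret"` and `-passin pass:"secret"` hints put the passphrase on the command line, where it lands in shell history and process listings; suggest documenting the `file:` or `env:` pass phrase sources instead, which also fits the page's own point that secrets should not leak through logging.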
Code Block | ||||||||
---|---|---|---|---|---|---|---|---|
| ||||||||
# navigate to the Agent's <agent-data>/\config/\private directory cd /var/Set-Locataion $env:Programdata\sos-berlin.com/\js7/\agent/\config/\private # create thePrivate privateKey keyand inCertificate pkcs#1Signing formatRequest # for passphrase add: without passphrase-passout pass:"secret" openssl req -x509new -sha256 -newkey rsa:20484096 -sha256 -nodes -keyout agent.key -out agent.crtcsr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Agent" # create with passphrase # openssl req -x509 -sha256 -newkey rsa:2048 -passout pass:"jobscheduler" -keyoutCertificate $user_crt_tmp_file = New-TemporaryFile "keyUsage=critical,keyAgreement,keyEncipherment" | Out-File $user_crt_tmp_file # for passphrase add: -passin pass:"secret" openssl x509 -req -sha512 -days 1825 -signkey agent.key -in agent.csr -out agent.crt -extfile $user_crt_tmp_file Remove-Item -Path $user_crt_tmp_file -Force |
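Review bot: The first command in this block is spelled `Set-Locataion`, so the directory change fails and the following `openssl req ... -keyout agent.key` writes the private key into whatever directory the shell happens to be in; please correct it to `Set-Location`, as in the ECDSA block above. Also, the passphrase hint sits on a `req` command that carries `-nodes`, which tells openssl to leave the generated key unencrypted, so adding `-passout pass:"secret"` alone will not protect agent.key; the hint should say to drop `-nodes` when a passphrase is wanted.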
Step 2: Making the Certificate available
...