JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 12

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  • JS7 - Encryption and Decryption includes to perform encryption outside of JS7 products.
  • When performing encryption users should check that credentials are not compromised by logging etc.

For creation of Encryption Keys see JS7 - How to create X.509 Encryption Keys.

Display feature availability
StartingFromRelease2.7.0

...

The Hibernate configuration file has to hold a reference where to locate the location of the Private Key used for decryption:

...

The path to the Private Key file is specified from a property in the hibernate.cfg.xml file. The Private Key can optionally be protected by a password. The password is not a secret but aims to check integrity when reading/writing private keyspassphrase. If no password passphrase is used to access the Private Key, then the related property should not be specified.

Note: Private Keys can be protected using a passphrase that acts as a second factor when a human user will access the key: while the Private Key is in the file system, the passphrase is in the user's brains. However, this does not improve security for unattended processing: it's pointless to store a passphrase side-by-side with the Private Key in scripts or configuration files on the same media.

Related properties in the hibernate.Related properties in the hibernate.cfg.xml file include:

Code Block
languagexml
  <property name="hibernate.connection.password">enc:gLjIPeUJP3o1cw4y9wNrFkNUIfe5Bi/eW+KMkLUy4mvVOH0Z41V0Iuob0lDN6UFXMG1//YDbUA3yFSpvHdmRlGnYsMPkbqz+tN+7Ypy5px7F7NGGpPFSeeGS4JOe7cmgkHx9i9ZPJEEK/xDLoPj/9zj4OLTcWxrHKR0bwT2NvpEZoBPWVnWMoBqTQfk+PBRRkQFYdtR+uKVl7qMEkNc6N92hYGRevUwIZ7h++ENazlgzUdNZc1K1LCRZ/BtB8/MopP3elZ6Vq2LmP3LGnzu6MwSSBgNbPN2vguDqWjnncO1h5MekmqHV5S9RY2L+7NZ7jJ3q233ZFwq56Xm/TWB92g== U2WnoXgh87kdOz7Zcumkpg== 3mnbt2Qe7JdQuN2Lm5SD0w==</property>
  <property name="hibernate.connection.url">enc:oe5qm3SOudO8LgcFXlW3cTlsdLycXEgUis2GFJdm+4w/NHF3KGYZXCEsqUFMwvWsdY/whfkCPOyUf4cj1eY1F5QSVzjsCgpfXtpvqUjqa7mzpAfzHfRr8gjZNHzCinefke8muCYFiZbb8s9rWHu4G8aIAJsxlWrhJeu7SXqs3JPrrrBt9EJ8kJw6w/xWbUhR5MVLAvj9mIg+w83qwAhZrvuz+McoTKskXvLcBlQPtXc+Yz3RuosczmaWgHYcc/++CtnHHtlSVQf9108jus13ab6mGGsDjodVJjm715VB+cUmWhBKpwyjksrISKcpkMnGlSK3KE+VsTMjzAMPPAyGEQ== zzEKadcxLgfl4GrRUYvApA== FM5ycloUYUbUeniZUDZpK7atxQR5bvmJmYJLS1k356oA/fCoioE6zFfOzENTKgxn</property>
  <property name="hibernate.connection.username">enc:WCWDGolHrQV4zWwF7i+QEOMrzXfhQSWoH4Azb+udCPSXsvDcNBiTam9zSVDyzCkVT3VAoBdT+WQbOSJRtdvYv6IaIJHJ98W5+H/F29UlOtKhJFbzVq+qxT4XPHSlMvzhub72lv5sWEyhNsjdFd6tJj0mVVH7+jmMAzFMCMKfMeNUbsXrH5Os6UR0Uqy6KbjVx8BOv02ooqFb69yFyI76/gwkxAV+9fYinCxIj3adSO1P6Cn0VNXLw1y2z/Xuv2PJ9CusshmMEiG95/G85VSNqlSMV0HfiQ71VS2EN0fcVcFlugyslTUDIcP4ed3pNlwblu86oPoenC4Xvw3Qh2Xj/A== IcI4xRV0fnO+qRLLg3/abQ== 1gV4bt2rvMgdtPOPXFt5qw==</property>

  <property name="hibernate.sos.decryption_key">joc.key</property>
  <property name="hibernate.sos.decryption_keypassword">jobscheduler</property>

...

  • hibernate.sos.keystore_path: The keystore path can be specified from an absolute path or from a relative path. The relative path starts from the JETTY_BASE/resources/joc directory of the JOC Cockpit installation.
  • hibernate.sos.keystore_type: The PKCS12 keystore type should be used. Typically keystores with the file name extension .p12 or .pfx signal indicate a PKCS12 compliant keystore.

  • hibernate.sos.keystore_password: The keystore should be be protected by a password. The password is not a secret, but aims to checking integrity when reading/writing keystores.

  • hibernate.sos.keystore_keypassword: For use with the PKCS12 format the password passphrase for the key and the password for the keystore have to match.

  • hibernate.sos.keystore_keyalias: The Private Key's alias name is a unique identifier of the key in the keystore. An alias name has to be specified if more than one Private Key is available in the keystore. The property can be omitted for keystores that hold a single key.

...

It is possible to use the SSL Private Key/Certificate stored in JOC Cockpit's keystore for HTTPS connections for to perform encryption/decryption, see JS7 - JOC Cockpit HTTPS Connections.

...