JS7 JobScheduler

Space shortcuts

Page tree

Versions Compared

Old Version 3

changes.mady.by.user Andreas Püschel

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Püschel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Table of Contents

Introduction

...

The JS7 allows to operate JOC Cockpit

...

  • For the low security level the private key of the root account available with the JS7 - Database is used for all users.
  • For the medium security level the user's individual private key available with the JS7 database is used.
  • For the high security level signing is performed outside of JOC Cockpit. No private keys are stored with JOC Cockpit and the JS7 database.

in one of the Security Levels low, medium, high, for details see JS7 - Security Architecture.

  • low: workflows are digitally signed from a single Private Key used by all user accounts in JOC Cockpit. The Private Key is stored in the JS7 database.
  • medium: workflows are digitally signed from Private Keys per user accounts in JOC Cockpit. The Private Key is stored in the JS7 database.
  • high: workflows have to be digitally signed outside of JOC Cockpit. Users export workflows from the JS7 inventory to a .tar.gz/.zip export archive.

For an overview of the signing process

...

see JS7 - Deployment of Workflows for High Security Level.

The following example is provided for manual signing and deployment of workflows.

For automated signing and deployment see

Example for Deployment Process

...

Code Block
languagebash
titleStep 1: Create binary signature file from signing a workflow file
openssl dgst -sha256 -sign c:\tmp\sos.private-ec-key.pem -out c:\tmp\example-wf.workflow.json.sig.bin c:\tmp\example-wf.workflow.json
  • -sha256
    • the The signer algorithm
  • -sign c:\tmp\sos.private-ec-key.pem
    • the private key The Private Key file used to sign the workflow file
  • -out c:\tmp\example-wf.workflow.json.sig.bin
    • the The path to the output file that contains the binary representation of the signature
  • c:\tmp\example-wf.workflow.json
    • the The path to the original workflow file.


...

  • base64
    • OpenSSL switch to transform the signature file from binary encoding to base64 encoding
  • -in c:\tmp\example-wf.workflow.json.sig.bin
    • the The binary encoded signature file as created in step 1)
  • -out c:\tmp\example-wf.workflow.json.sig
    • the The base64 encoded signature file to be created that carries a .sig extension and that will be picked up later on by JOC Cockpit when importing workflows and signatures.

...