Page History
Table of Contents |
---|
Introduction
...
The JS7 allows to operate JOC Cockpit
...
- For the low security level the private key of the
root
account available with the JS7 - Database is used for all users. - For the medium security level the user's individual private key available with the JS7 database is used.
- For the high security level signing is performed outside of JOC Cockpit. No private keys are stored with JOC Cockpit and the JS7 database.
in one of the Security Levels low, medium, high, for details see JS7 - Security Architecture.
- low: workflows are digitally signed from a single Private Key used by all user accounts in JOC Cockpit. The Private Key is stored in the JS7 database.
- medium: workflows are digitally signed from Private Keys per user accounts in JOC Cockpit. The Private Key is stored in the JS7 database.
- high: workflows have to be digitally signed outside of JOC Cockpit. Users export workflows from the JS7 inventory to a .tar.gz/.zip export archive.
For an overview of the signing process
...
see JS7 - Deployment of Workflows for High Security Level.
The following example is provided for manual signing and deployment of workflows.
For automated signing and deployment see
- JS7 - Signing Workflows with X.509 Certificates using Unix Shell Script
- JS7 - Signing Workflows with X.509 Certificates using PowerShell Script
- JS7 - Signing Workflows with X.509 Certificates using PowerShell CI CD pipeline
Example for Deployment Process
...
Code Block | ||||
---|---|---|---|---|
| ||||
openssl dgst -sha256 -sign c:\tmp\sos.private-ec-key.pem -out c:\tmp\example-wf.workflow.json.sig.bin c:\tmp\example-wf.workflow.json |
-sha256
- the The signer algorithm
-sign c:\tmp\sos.private-ec-key.pem
- the private key The Private Key file used to sign the workflow file
-out c:\tmp\example-wf.workflow.json.sig.bin
- the The path to the output file that contains the binary representation of the signature
c:\tmp\example-wf.workflow.json
- the The path to the original workflow file.
- the The path to the original workflow file.
...
base64
- OpenSSL switch to transform the signature file from binary encoding to base64 encoding
-in c:\tmp\example-wf.workflow.json.sig.bin
- the The binary encoded signature file as created in step 1)
-out c:\tmp\example-wf.workflow.json.sig
- the The base64 encoded signature file to be created that carries a .sig extension and that will be picked up later on by JOC Cockpit when importing workflows and signatures.
...
Overview
Content Tools