Versions Compared

...

  • Encryption and decryption can be performed directly by related jobs.
  • Encryption and decryption can be performed outside of JS7 products.
  • This means that JS7 products have no knowledge of the secret keys involved, which could otherwise be compromised by logging, database persistence etc.

For creation of Encryption Keys see JS7 - How to create X.509 Encryption Keys.

Feature availability: starting from release 2.5.9

Feature availability: starting from release 2.6.6

...

The following step is performed on the server hosting the Agent that should decrypt secrets, using the openssl utility from the command line.
Find more examples and explanations in JS7 - How to create X.509 Encryption Keys.

Example how to create ECDSA private key and certificatePrivate Key and Certificate using ECDSA encryption
#!/bin/bash

# navigate to the Agent's <agent-data>/config/private directory
cd /var/sos-berlin.com/js7/agent/config/private

# create Private theKey
# private key infor pkcs#1use format
#with passphrase add: without passphrase-passout pass:"secret"
openssl ecparam -name secp256k1secp384r1 -genkey -noout -out agent.key

# create Certificate withSigning passphraseRequest
# openssl ecparamreq -genkeynew -name secp256k1 | openssl ecsha512 -aes256nodes -passout pass:"jobscheduler"key agent.key -out agent.keycsr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Agent"

# create certificateCertificate
openssl# req -new -x509for -key agent.keypassphrase add: -out agent.crt -days 1825
# openssl passin pass:"secret"
openssl x509 -req -newsha512 -x509days 1825 -keysignkey agent.key -passin pass:"jobscheduler"in agent.csr -out agent.crt -days 1825extfile <(printf "keyUsage=critical,keyEncipherment,keyAgreement\n")
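Review bot: the passphrase hint above the `openssl ecparam ... -genkey -noout -out agent.key` line tells the reader to add `-passout pass:"secret"`, but `openssl ecparam` has no `-passout` option, so the hint cannot produce an encrypted key. The piped `openssl ec -aes256 -passout ...` form that also appears in this block is the one that encrypts the key; keep that form in the passphrase hint. On the last line, `keyUsage=critical,keyEncipherment,keyAgreement` is applied to an EC certificate: keyEncipherment describes RSA key transport, so for an EC key only keyAgreement is meaningful. The `pass:"..."` literals are also visible in process listings and shell history; the hint could point to openssl's `file:` or `env:` passphrase sources instead.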

Example how to create RSA private key and certificatePrivate Key and Certificate using RSA encryption
#!/bin/bash

# navigate to the Agent's <agent-data>/config/private directory
cd /var/sos-berlin.com/js7/agent/config/private

# create thePrivate privateKey keyand inCertificate pkcs#1Signing formatRequest
#   withoutfor passphrase add: -passout pass:"secret"
openssl req -x509 -sha256new -newkey rsa:20484096 -sha256 -nodes -keyout agent.key -out agent.crtcsr -subj "/C=DE/ST=Berlin/L=Berlin/O=SOS/OU=IT/CN=Agent"

# create Certificate
#   withfor passphrase
#  add: -passin pass:"secret"
openssl reqx509 -x509req -sha256sha512 -newkeydays rsa:20481825 -passout pass:"jobscheduler"signkey agent.key -keyoutin agent.keycsr -out agent.crt -extfile <(printf "keyUsage=critical,keyEncipherment,keyAgreement\n")
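Review bot: the `openssl req ... -newkey ... -nodes -keyout agent.key` line carries `-nodes`, so the hint to add `-passout pass:"secret"` has no effect unless `-nodes` is dropped at the same time; the comment should say to replace `-nodes` with the `-passout` option rather than add to it. Without a passphrase, agent.key is written unencrypted into config/private, so the example would benefit from a line restricting the file to the Agent's run-time account (for instance `chmod 600 agent.key`). In the `-extfile` key usage, keyEncipherment fits an RSA key; keyAgreement does not apply to RSA and could be left out of this variant.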

Step 2: Making the Certificate available

...