Usage: js7_encrypt.cmd [Options] [Switches]

  Options:
     --cert=<path-to-certificate>  | path to X.509 certificate or public key file used to encrypt the secret.
     --in=<secret>                 | secret that should be encrypted.
     --infile=<path-to-file>       | path to input file.
     --outfile=<path-to-file>      | path to output file that should be encrypted.

  Switches:
     -h | --help                   | displays usage

call .\bin\js7_encrypt.cmd "--cert=agent.crt" "--in=secret"

for /f "tokens=1-3" %%i in ("%JS7_ENCRYPT_VALUE%") do (
  set encrypted_symmetric_key=%%i
  set encrypted_base64_iv=%%j
  set encrypted_string=%%k
)

@rem encrypts the given secret using an Agent's X.509 certificate
@rem consider that for Windows Shell all arguments have to be quoted
@rem output includes the symmetric key, initialization vector and encrypted string separated by space that are passed to environment variables

call .\bin\js7_encrypt.cmd "--cert=agent.crt" "--infile=%TEMP%\secret.txt" "--outfile=%TEMP%\secret.txt.encrypted"

for /f "tokens=1-3" %%i in ("%JS7_ENCRYPT_VALUE%") do (
  set encrypted_symmetric_key=%%i
  set encrypted_base64_iv=%%j
  set encrypted_file=%%k
)

@rem encrypts the given file using an Agent's X.509 certificate
@rem consider that for Windows Shell all arguments have to be quoted
@rem output is available from the JS7_ENCRYPT_VALUE environment variable
@rem output includes the symmetric key, initialization vector and encrypted file separated by space that are passed to environment variables

Usage: js7_decrypt.cmd [Options] [Switches]

  Options:
     --key=<path>                  | path to private key file for decryption.
     --iv=<initialization-vector>  | base64 encoded initialization vector (returned by encryption).
     --encrypted-key=<key>         | base64 encoded encrypted symmetric key (returned by encryption).
     --in=<encrypted-secret>       | encrypted secret to decrypt (returned by encryption).
     --infile=<path-to-file>       | path to encrypted input file.
     --outfile=<path-to-file>      | path to decrypted output file. 

  Switches:
     -h | --help                   | displays usage

@call .\bin\js7_decrypt.cmd "--key=agent.key" "--iv=%encrypted_base64_iv%" "--encrypted-key=%encrypted_symmetric_key%" "--in=%encrypted_string%"
@echo %JS7_DECRYPT_VALUE%

@rem decrypts the encrypted secret using an Agent's private key
@rem consider that for Windows Shell all arguments have to be quoted
@rem the JS7_DECRYPT_VALUE environment variable is automatically created and holds the decrypted secret

@call .\bin\js7_decrypt.cmd "--key=agent.key" "--iv=%encrypted_base64_iv%" "--encrypted-key=%encrypted_symmetric_key%" "--infile=%encrypted_file%" "--outfile=%TEMP%\secret.txt.decrypted"
@echo %JS7_DECRYPT_FILE%

@rem decrypts the given encrypted file using an Agent's private key
@rem consider that for Windows Shell all arguments have to be quoted
@rem output includes the path to the decrypted file that is provided from the JS7_DECRYPT_FILE environment variable