openFT offers the following encryption possibilities for data transfer and file management:

• Encryption of request description data:
  This refers to the protocol data which file transfer sends and receives in order to establish connections and process requests.

• Encryption of user data (i.e. the content of the transferred file, only possible for openFT-Partners and outbound secure FTP partners):
  The encryption of the file contents can be set individually for the transfer request or via an admission profile or, more generally, in the operating parameters. It is also possible to force or prohibit encryption, for example for performance-related reasons.

• Encryption of file attributes and directory list attributes

When connecting to partners that support the AES algorithm, then RSA/AES encryption algorithm is used for the request description data and the content of the transferred file.

To do this, openFT as of V12.0 uses a 256-bit AES key and a 2048-bit RSA key by default. Alternatively, a 1024-bit or 768-bit RSA key can be used. The FT administrator must set this in the operating parameters. In the case of connections with older versions, encryption is negotiated downwards if necessary, i.e. an RSA of a length that is available in the older version is used or, if AES keys are not supported, DES encryption is employed.

The FT administrator can also set a minimum RSA key length and/or a minimum AES key length. In this case, a request is rejected if the partner cannot fulfill this requirement.

The mechanism for active encryption of user data is a separate supply unit and must be unlocked explicitly due to legal requirements.

For further details, see section “Encryption for file transfer and file management” and section “Protection mechanisms against data manipulation”.