The partners involved in file transfer automatically negotiate encryption and use of the appropriate public key in the process of connection set-up.

If possible, openFT uses the RSA/AES procedure with a AES key length of 256 bits for encryption. In the case of connections with older partners, 128-bit RSA/AES or RSA/DES may also be used. In all cases, the most secure of the procedures that are supported by both partners is used.

In addition, a minimum ASE key can be set via operating parameters, i.e. only AES keys of the specified length or larger ones will be accepted. If the partner cannot fulfill this requirement then the request will be rejected.

openFT automatically encrypts the request description data if both partners support this functionality, there is an RSA key pair set in the local system and encryption has not been explicitly disabled. If you are the FT administrator you can set the key length required for the RSA key (RSA-PROPOSED) via the operating parameters. The default value after installation is 2048. Additionally you can specify a minimum RSA key length via the operating parameters.

If one of the acting instances has configured a minimum RSA key length, the openFT protocol assures that the negotiation of the AES key will be encrypted by an RSA key of that minimum length.

When one of the partners has either no valid RSA key or has switched off encryption while the other communication partner requires a minimum key length, no connection between the two partners will be possible.