Note on usage
Function: Create a key pair set
User group: FT administrator
Alias name: FTCREKEY
Functional description
The CREATE-FT-KEY-SET command creates a key pair set for authenticating your openFT instance in partner systems (RSA procedures). Each key pair consists of a private key, which is administered internally by openFT, and a public key.
Public keys are stored on the configuration user ID of the FT instance (default: $SYSFJAM) under the name:
SYSPKF.R<key reference>.L<key length>
The key reference is a numerical designator for the version of the key pair. The key length is 768, 1024 or 2048 bits. As of openFT version V12.1C60, there are two additional key lengths, 3072 and 4096 bits. All five key lengths are always generated. The public key files are text files which are created in the character code of the respective operating system, i.e. EBCDIC.DF04-1 for BS2000, IBM1047 for z/OS, ISO8859-1 for Unix systems and CP1252 for Windows systems.
In a file SYSPKF.COMMENT on the configuration user ID of the openFT instance you can store comments, which are written in the first lines of the public key files when a key pair set is created. Such comments could be, for example, the communications partner and the telephone number of the FT administrator on duty. The lines in the SYSPKF.COMMENT file may be a maximum of 78 characters long.
So that your openFT instance can be authenticated by partner systems (using openFT as of version 8.1), the public key file must be transported to the partners via a reliable path and re-coded if necessary.
In order to make an authorized update of the key pair sets, openFT supports up to three key pair sets at a time.
The most current key pair is used for delivering the session key for encrypting user data and request description data. If there is no key pair set, work proceeds without encryption.
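The following added example (not part of the openFT documentation or product) audits a listing of file names from the configuration user ID against the rules described above: the SYSPKF.R<key reference>.L<key length> naming scheme, the five key lengths per set, the limit of three key pair sets, and the 78-character limit for SYSPKF.COMMENT lines. It assumes openFT V12.1C60 or later (five lengths per set) and a key reference written in decimal digits; the function names and the sample listing are constructed for illustration.

```python
import re
from collections import defaultdict

# Naming scheme and limits as stated in the functional description.
KEY_FILE = re.compile(r"^SYSPKF\.R(\d+)\.L(\d+)$")
KEY_LENGTHS = {768, 1024, 2048, 3072, 4096}  # assumption: V12.1C60 or later
MAX_KEY_SETS = 3
MAX_COMMENT_LINE = 78


def audit_key_files(names):
    """Group public key file names by key reference and collect findings."""
    sets, problems = defaultdict(set), []
    for name in names:
        if name == "SYSPKF.COMMENT":  # comment file, not a key file
            continue
        m = KEY_FILE.match(name)
        if not m:
            problems.append(f"{name}: not a public key file name")
            continue
        ref, length = int(m.group(1)), int(m.group(2))
        if length not in KEY_LENGTHS:
            problems.append(f"{name}: unexpected key length {length}")
            continue
        sets[ref].add(length)
    for ref, lengths in sorted(sets.items()):
        missing = sorted(KEY_LENGTHS - lengths)
        if missing:
            problems.append(f"key reference {ref}: missing lengths {missing}")
    if len(sets) > MAX_KEY_SETS:
        problems.append(
            f"{len(sets)} key pair sets present, maximum is {MAX_KEY_SETS}")
    return dict(sets), problems


def long_comment_lines(text):
    """Return 1-based numbers of comment lines longer than 78 characters."""
    return [i for i, line in enumerate(text.splitlines(), 1)
            if len(line) > MAX_COMMENT_LINE]


if __name__ == "__main__":
    # Constructed sample listing: set 7 is complete, set 8 is incomplete.
    listing = [f"SYSPKF.R7.L{n}" for n in sorted(KEY_LENGTHS)]
    listing += ["SYSPKF.R8.L768", "SYSPKF.R8.L1024", "SYSPKF.R8.L2048",
                "SYSPKF.R8.L512", "SYSPKF.COMMENT"]
    found, issues = audit_key_files(listing)
    print(found)
    print(*issues, sep="\n")
    print(long_comment_lines("FT administrator on duty\n" + "x" * 79))
```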
Format
CREATE-FT-KEY-SET / FTCREKEY
Without operands
Command return codes
(SC2) | SC1 | Maincode | Meaning |
83 | 32 | CMD0221 | Internal error. |
87 | 32 | CMD0221 | No space left on device for internal files. |
29 | 64 | FTR1029 | Maximum number of key pairs exceeded. |
35 | 64 | FTR1035 | Command only permissible for FT administrator. |
SC1/2 = Subcode 1/2 in decimal notation.
For additional information see section “Command return codes”.