An RSA key pair set is created during a new installation of openFT and consists of private and public keys of suitable length.
You can use the following commands to generate and manage local RSA keys:
ftcrek creates an RSA key pair set for the local openFT instance.
ftshwk outputs the properties of all the keys in the local system.
ftupdk updates public keys.
ftdelk deletes local key pairs.
ftmodk modifies RSA keys.
ftimpk imports RSA keys.
You can also create and administer RSA key pair sets using the openFT Explorer. To do this, choose the relevant command from Administration - Key Management.
Key pair attributes
An RSA key pair set in the Unix or Windows system currently consists of five key pairs with lengths of 768, 1024, 2048, 3072 and 4096 bits. Up to and including openFT version 12.1C10, an RSA key pair set in the Unix or Windows system consisted of only three key pairs with lengths of 768, 1024 and 2048 bits. Private keys are administered internally by openFT. Public keys are stored in the config directory of the instance file tree of the openFT instance (see section “Installation of openFT” (Unix systems) or section “Installation of openFT” (Windows systems)) under the following name:
syspkf.r<key reference>.l<key length>
The key reference is a numerical designator for the version of the key pair. The public key files are text files that are created using the character code of the respective operating system, i.e. by default:
Unix systems: ISO8859-1
Windows systems: CP1252
Storing comments
In the syspkf.comment file in the config directory of the instance file tree, you can store comments, which are written to the first lines of the public key files when a key pair set is created. The syspkf.comment file is a text file that you can edit. The comments could, for example, contain the contact information of the FT administrator on duty, the computer name, or similar information that is important for partners. The lines in the file syspkf.comment can be a maximum of 78 characters long. Using the command ftupdk, you can also import comments from this file into existing public key files at a later time.
Updating and replacing keys
If a public key file is accidentally deleted, you can re-create the public key files of the existing key pair set using ftupdk.
If you want to replace a key pair set with a completely new one, you can create a new key pair set using ftcrek. You can recognize the most up-to-date public key by the highest key reference value in the file name. openFT supports a maximum of three key pair sets at a time. The existence of several keys, however, should be temporary, until you have made the most up-to-date public key available to all partner systems. Thereafter, you can delete key pair sets that are no longer needed using ftdelk. Deleted key pair sets cannot be restored using ftupdk.
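The following check of the public key files in a config directory is an added example, not part of the openFT documentation or tooling. It applies the naming scheme, key lengths, and 78-character comment limit described above. The function names are hypothetical, and it assumes that key references compare numerically and that file names match syspkf.r<key reference>.l<key length> exactly.

```python
import re
from pathlib import Path

# Values stated in the documentation text above.
EXPECTED_LENGTHS = {768, 1024, 2048, 3072, 4096}  # only the first three up to 12.1C10
MAX_COMMENT_LINE = 78
NAME_RE = re.compile(r"^syspkf\.r(\d+)\.l(\d+)$")


def audit_key_files(names, comment_text="", expected=EXPECTED_LENGTHS):
    """Group public key file names by key reference and list what needs attention."""
    sets = {}
    for name in names:
        m = NAME_RE.match(name)
        if m:  # syspkf.comment and unrelated files are skipped
            sets.setdefault(int(m.group(1)), set()).add(int(m.group(2)))
    refs = sorted(sets)
    findings = []
    for ref in refs:
        missing = sorted(set(expected) - sets[ref])
        if missing:
            findings.append(f"reference {ref}: public key file missing for {missing}, re-create with ftupdk")
    if len(refs) > 1:
        findings.append(f"{len(refs)} key pair sets present; delete {refs[:-1]} with ftdelk "
                        f"once all partners hold the reference {refs[-1]} public key")
    for no, line in enumerate(comment_text.splitlines(), 1):
        if len(line) > MAX_COMMENT_LINE:
            findings.append(f"syspkf.comment line {no}: {len(line)} characters, limit is {MAX_COMMENT_LINE}")
    return {"current": refs[-1] if refs else None, "references": refs, "findings": findings}


def audit_config_dir(config_dir, encoding="iso8859-1"):
    """Audit a real config directory; pass encoding='cp1252' on Windows systems."""
    d = Path(config_dir)
    comment = d / "syspkf.comment"
    text = comment.read_text(encoding=encoding) if comment.is_file() else ""
    return audit_key_files([p.name for p in d.iterdir()], text)


if __name__ == "__main__":
    # Constructed sample listing: reference 1 has lost its 2048-bit public key file.
    sample = [f"syspkf.r2.l{n}" for n in (768, 1024, 2048, 3072, 4096)]
    sample += [f"syspkf.r1.l{n}" for n in (768, 1024, 3072, 4096)] + ["syspkf.comment"]
    report = audit_key_files(sample, "FT administrator on duty: see intranet contact page")
    print("current key reference:", report["current"])
    for finding in report["findings"]:
        print("-", finding)
```

The check only sees public key files. Private keys are administered internally by openFT, so a key pair set removed with ftdelk cannot be detected or restored this way.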