For openFT partners, openFT supports encryption of the data exchanged while the connection is set up and a file transfer request is processed. The partners automatically negotiate the encryption procedure and the public key to be used during connection setup.
If possible, openFT uses the RSA/AES procedure with an AES key length of 256 bits. With older partners, RSA/AES with a 128-bit AES key or RSA/DES may also be used. In all cases the most secure procedure supported by both partners is selected. To raise the bar further, you can additionally define an RSA minimum key length and/or an AES minimum key length (FTMODOPT command, KEY-LENGTH operand).
openFT automatically encrypts the request description data if both partners support this functionality, a key pair set exists in the local system and encryption has not been explicitly disabled (FTMODOPT ...,KEY-LENGTH=(RSA-MINIMUM=0)). Use the SHOW-FT-OPTIONS command to check the key length currently in use (output parameter KEY-LEN). The key length required for the RSA key is set via the operating parameters (FTMODOPT command, KEY-LENGTH operand).
Using the FTCREKEY command, the FT administrator must create at least one key pair set on which the encryption is based. Alternatively, the administrator can import a key pair of the configured key length using FTIMPKEY.
If, in addition to the request description data, the file content is also to be encrypted during transfer, the optional openFT-CR component must be installed on both FT systems involved.
If one of the two systems cannot handle encrypted file transfers, the request is rejected with message FTR2051 (User data encryption not possible for this request) or FTR2113 (encryption is not possible in remote system).
For legal reasons, openFT-CR is not available in all countries.
Forcing encryption
Encryption of the file content is optional and is normally requested in the individual transfer request. You can, however, force encryption (mandatory encryption) via the operating parameters: use the ENCRYPTION-MANDATORY operand of the FTMODOPT command.
Mandatory encryption can be set separately for different directions (inbound only, outbound only, or all requests). The settings apply to file transfer requests via the openFT protocol as well as to administration requests. Inbound FTP requests are rejected because they cannot be encrypted. File management requests continue to be performed regardless of the settings. In addition, the following applies:
If outbound encryption is activated, the file content is encrypted on outbound requests even if the request itself does not demand encryption. If the partner does not support encryption (e.g. because it is deactivated there or openFT-CR is not installed), the request is rejected.
If an unencrypted inbound request arrives while inbound encryption is activated, the request is rejected.
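The negotiation rules above (strongest common procedure, subject to the local RSA and AES minimums, encryption off when RSA-MINIMUM=0) and the mandatory-encryption rules (inbound/outbound/all, FTP inbound rejected, FTR2051 versus FTR2113) are easy to get wrong when planning a rollout across partners of different ages. The following model is an added example and is not openFT code: it encodes those rules as a small policy checker so that a set of partner configurations can be checked before FTMODOPT is run. The `Partner` class, the value names NONE/INBOUND/OUTBOUND/ALL, the 56-bit strength assigned to RSA/DES and the partner definitions in `demo()` are all assumptions made for the example.

```python
"""Model of openFT encryption negotiation and mandatory-encryption rules.

Added example, not openFT code. It encodes the rules described on this page
so partner configurations can be checked offline. Class names, the
NONE/INBOUND/OUTBOUND/ALL values and the DES strength are assumptions.
"""
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# Procedures ordered strongest first, as the page ranks them.
# RSA/DES is modelled with a 56-bit symmetric strength (assumption).
PROCEDURES = [("RSA/AES", 256), ("RSA/AES", 128), ("RSA/DES", 56)]


@dataclass
class Partner:
    name: str
    procedures: FrozenSet[Tuple[str, int]]   # subset of PROCEDURES supported here
    rsa_key_len: Optional[int] = None        # installed key pair set; None = none
    rsa_minimum: int = 1024                  # KEY-LENGTH=(RSA-MINIMUM=...); 0 disables
    aes_minimum: int = 0                     # KEY-LENGTH=(AES-MINIMUM=...); 0 = none
    cr_installed: bool = False               # openFT-CR present (content encryption)
    encryption_mandatory: str = "NONE"       # NONE | INBOUND | OUTBOUND | ALL (assumed)


def negotiate(local: Partner, remote: Partner) -> Optional[Tuple[str, int]]:
    """Strongest procedure both sides support that meets the local minimums.

    Returns None when request-description encryption cannot be set up: no local
    key pair, encryption disabled (RSA-MINIMUM=0), partner key shorter than
    RSA-MINIMUM, no common procedure, or the best common procedure is below
    AES-MINIMUM (openFT never silently downgrades below the minimum).
    """
    if local.rsa_key_len is None or local.rsa_minimum == 0:
        return None
    if remote.rsa_key_len is None or remote.rsa_key_len < local.rsa_minimum:
        return None
    for proc in PROCEDURES:                  # first hit is the strongest common one
        if proc in local.procedures and proc in remote.procedures:
            return proc if proc[1] >= local.aes_minimum else None
    return None


def check_request(local: Partner, remote: Partner, direction: str,
                  encrypt_content: bool = False, protocol: str = "openFT") -> Tuple[bool, str]:
    """Apply the mandatory-encryption rules to one request as seen from `local`.

    direction is "INBOUND" or "OUTBOUND". Returns (accepted, reason).
    """
    mandatory = local.encryption_mandatory in (direction, "ALL")
    if protocol == "FTP":
        if direction == "INBOUND" and mandatory:
            return False, "inbound FTP request rejected: FTP cannot be encrypted"
        return True, "FTP request processed without encryption"
    if direction == "INBOUND" and mandatory and not encrypt_content:
        return False, "unencrypted inbound request rejected (inbound encryption mandatory)"
    if not (encrypt_content or mandatory):
        return True, "file content transferred unencrypted"
    # Content encryption is required: openFT-CR on both sides plus a negotiated procedure.
    if not local.cr_installed or local.rsa_key_len is None or local.rsa_minimum == 0:
        return False, "FTR2051 User data encryption not possible for this request"
    proc = negotiate(local, remote)
    if not remote.cr_installed or proc is None:
        return False, "FTR2113 encryption is not possible in remote system"
    return True, f"file content encrypted with {proc[0]}-{proc[1]}"


def demo() -> dict:
    """Constructed partner set: a hardened hub, a current partner, a legacy partner."""
    all_procs = frozenset(PROCEDURES)
    hub = Partner("HUB", all_procs, rsa_key_len=2048, rsa_minimum=2048,
                  aes_minimum=256, cr_installed=True, encryption_mandatory="ALL")
    modern = Partner("MODERN", all_procs, rsa_key_len=2048, cr_installed=True)
    legacy = Partner("LEGACY", frozenset([("RSA/AES", 128), ("RSA/DES", 56)]),
                     rsa_key_len=1024, cr_installed=True)
    return {
        "hub->modern": check_request(hub, modern, "OUTBOUND"),
        "hub->legacy": check_request(hub, legacy, "OUTBOUND"),
        "modern->hub plain": check_request(hub, modern, "INBOUND"),
        "ftp->hub": check_request(hub, modern, "INBOUND", protocol="FTP"),
    }


if __name__ == "__main__":
    for label, (ok, reason) in demo().items():
        print(f"{label:20s} {'OK ' if ok else 'REJ'} {reason}")
```

The interesting case is the legacy partner: even with RSA-MINIMUM relaxed to 1024, an AES-MINIMUM of 256 still refuses the connection rather than falling back to AES-128 or DES, which is exactly the behaviour you want from a minimum. The checker makes that visible before the operating parameters are changed on a production system.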