Encryption on data transfer

Prerequisites for encrypting user data:

  • For openFT versions <= V12.1B:
    openFT-CR must be installed both locally and on the partner system. For legal reasons, openFT-CR is not available in all countries.

  • An RSA key pair set must exist in the local system and encryption must not be deactivated (encryption is deactivated by specifying ftmodo -kl=0).

    You can check this using the ftshwo command. The output parameter RSA-PROP displays the length of the currently used RSA key in bits (0, 768, 1024, 2048, 3072 or 4096). 0 means that encryption is deactivated.
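The check described above can be scripted. The following is an added example, not part of the openFT documentation or product. It assumes that ftshwo prints header lines of whitespace-separated column names, each followed by a line of values in the same order. The 2048-bit threshold is a hypothetical local policy, and the function names and the FIELD-* columns in the sample are constructed for illustration.

```shell
#!/bin/sh
# Added example. ASSUMPTION: ftshwo prints header lines of whitespace-separated
# column names, each followed by one line of values in the same order.

# Print the value found under the RSA-PROP column (ftshwo output on stdin).
rsa_prop_from() {
    awk '
        want { print $col; found = 1; exit }
        { for (i = 1; i <= NF; i++) if ($i == "RSA-PROP") { col = i; want = 1 } }
        END { if (!found) exit 1 }'
}

# check_rsa_prop BITS MIN -> 0 ok, 1 encryption deactivated,
# 2 shorter than MIN (local policy), 3 not a documented key length.
check_rsa_prop() {
    case "$1" in
        0) return 1 ;;
        768|1024|2048|3072|4096) ;;
        *) return 3 ;;
    esac
    [ "$1" -ge "$2" ] || return 2
}

# audit_ftshwo [MIN]: read ftshwo output on stdin, report, return the code above
# (4 if no RSA-PROP column was found). MIN defaults to 2048, a hypothetical policy.
audit_ftshwo() {
    min=${1:-2048}
    bits=$(rsa_prop_from) || { echo "FAIL: RSA-PROP not found"; return 4; }
    rc=0; check_rsa_prop "$bits" "$min" || rc=$?
    case $rc in
        0) echo "OK: RSA-PROP=$bits" ;;
        1) echo "FAIL: RSA-PROP=0, encryption is deactivated" ;;
        2) echo "FAIL: RSA-PROP=$bits is below the required $min bits" ;;
        3) echo "FAIL: unexpected RSA-PROP value '$bits'" ;;
    esac
    return $rc
}

# Constructed sample output; FIELD-A/B/C are placeholders, not real ftshwo columns.
sample_ftshwo() {
    printf '%s\n' 'FIELD-A  FIELD-B' 'x        y' \
                  'FIELD-C  RSA-PROP' "z        $1"
}

sample_ftshwo 2048 | audit_ftshwo            # documented length, meets policy
sample_ftshwo 0    | audit_ftshwo || true    # encryption deactivated
# On a live system: ftshwo | audit_ftshwo 2048
```

If the output layout of your openFT version differs from the assumed one, only rsa_prop_from needs to change.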

You can set the length required for the RSA key and the minimum RSA key length via the operating parameters. In addition, you can set a minimum AES key length.

To do this, use the following options:

  • -kl (desired RSA key length) and -klmin (minimum RSA key length) in the ftmodo command or the openFT Explorer (Administration menu, Operating Parameters command). The default values after a new installation are 2048 (-kl) and 0 (-klmin).

  • -aesmin (minimum AES key length) in the ftmodo command or the openFT Explorer (Administration menu, Operating Parameters command). The default value after a new installation is -aesmin= (no minimum AES key length set).

For further details on local keys, see section “Creating and administering local RSA key pairs”.

Forcing encryption

Encryption of the file contents is optional and is usually requested during the transfer request. However, you can also use the operating system parameters to force encryption (mandatory encryption). To do this, specify the ftmodo command with the option -c. Alternatively, in the openFT Explorer: Administration menu - Operating Parameters, General tab, Encryption of User Data.

Mandatory encryption can be set differently for different operations (only inbound, only outbound or all requests). The settings apply to file transfer requests via the openFT protocol as well as to administration requests. FTAM requests and inbound FTP requests are rejected because encryption is not supported. File management continues to be performed without encryption, regardless of the settings.