Note on usage
Function: Create a key pair set
User group: FT administrator
You can issue the FTCREKEY command under TSO with the FT system running.
Functional description
Using this FTCREKEY command, you create a key pair for authenticating your openFT instance in partner systems (RSA procedures). The key pair consists of a private key, administered internally by openFT, and a public key.
Public keys are stored under the name:
<openft qualifier>.<inst>.SYSPKF.R<key reference>.L<key length>
Here, the first two name parts are replaced by OPENFT QUALIFIER and the instance name.
The key reference is a numerical designator for the version of the key pair. The key length is 768 or 1024 or 2048. The three key lengths are always generated. The public key files are text files which are created in the character code of the respective operating system, i.e. EBCDIC.DF04-1 for BS2000, IBM1047 for z/OS, ISO8859-1 for Unix systems and CP1252 for Windows systems.
In a file <openft qualifier>.<inst>.SYSPKF.COMMENT you can store comments, which are written in the first lines of the public key files when a key pair set is created. Such comments could be, for example, the communications partner and the telephone number of the FT administrator on duty. The lines in the SYSPKF.COMMENT file may be a maximum of 78 characters long.
So that your openFT instance can be authenticated by partner systems (using openFT as of version 8.1), the public key file must be transported to the partners via a reliable path and re-coded if necessary.
In order to make an authorized update of the key pair sets, openFT supports up to three key pair sets at a time.
The most current key pair is used for delivering the session key for encrypting user data and request description data. If there is no key pair set, work proceeds without encryption.
Format
FTCREKEY |
Without operands
In the event of an error (three key pair sets already exist), the following message is output:
FTR1029 OPENFT: Maximum number of key pairs exceeded