Note on usage
Function: Import key
User group: FT administrator
Alias name: FTIMPKEY
Functional description
You can use the IMPORT-FT-KEY command as FT administrator to import a partner’s public key or an RSA key pair.
Importing a public key
If you want to import the public key of a partner, the key must have been generated by the partner’s openFT instance and the partner must have been entered in the partner list. The key is then stored in the SYSKEY file under the name of the partner. Please ensure that the partner’s instance identification is entered correctly in the partner list.
Importing an RSA key pair
You can import an RSA key pair consisting of a public and a private key. The key pair can be used for data encryption and authentication like a key pair generated by openFT.
The key pair must be generated using an external tool. It must have a length of 768, 1024 or 2048 bits and be in PEM format (OpenSSL native PEM or PKCS#8) or in PKCS#12 V1.0 format. As of openFT version V12.1C60, the key lengths 3072 and 4096 are also supported.
If the key pair is protected by a passphrase (password), the passphrase must be specified during the import.
During import, the same applies as for key pairs generated with CREATE-FT-KEY-SET:
The key pair contains a unique reference number.
The public key is stored under the name
SYSPKF.R<key reference>.L<key length>
For details, see command CREATE-FT-KEY-SET.
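A pre-import check for the PEM requirements above, as an added example that is not part of the openFT documentation or product: it reports the container type, whether a password will be needed at import, and the modulus length of an unencrypted key. The function names are hypothetical, and the script is assumed to run on the system where the key pair is generated, not inside openFT.

```python
import base64, re, sys

# Lengths the page lists; 3072 and 4096 only since openFT V12.1C60.
ALLOWED_BITS = {768, 1024, 2048, 3072, 4096}

def _tlv(buf, pos=0):
    """Read one DER element: return (tag, value bytes, offset after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                        # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _modulus_bits(rsa_der):
    """Modulus size of a PKCS#1 RSAPrivateKey: SEQUENCE { version, modulus, ... }."""
    outer, seq, _ = _tlv(rsa_der)
    if outer != 0x30:
        raise ValueError("not an RSAPrivateKey structure")
    tag, modulus, _ = _tlv(seq, _tlv(seq)[2])    # skip version, read modulus
    if tag != 0x02:
        raise ValueError("INTEGER expected for modulus")
    return int.from_bytes(modulus, "big").bit_length()

def inspect_pem(text):
    """Return (container, needs_password, modulus bits or None if encrypted)."""
    m = re.search(r"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", text, re.S)
    if not m:
        raise ValueError("no PEM block found")
    label, body = m.groups()
    if label == "ENCRYPTED PRIVATE KEY":
        return "PKCS#8", True, None
    if label == "RSA PRIVATE KEY" and "Proc-Type: 4,ENCRYPTED" in body:
        return "OpenSSL native", True, None
    der = base64.b64decode("".join(body.split()))
    if label == "RSA PRIVATE KEY":
        return "OpenSSL native", False, _modulus_bits(der)
    if label == "PRIVATE KEY":                # PKCS#8: version, algorithm, OCTET STRING
        seq = _tlv(der)[1]
        pos = _tlv(seq, _tlv(seq)[2])[2]      # skip version and AlgorithmIdentifier
        return "PKCS#8", False, _modulus_bits(_tlv(seq, pos)[1])
    raise ValueError("not a private key PEM block: " + label)

def length_accepted(text):
    """True/False for a readable key; None when the key is encrypted."""
    bits = inspect_pem(text)[2]
    return None if bits is None else bits in ALLOWED_BITS

if __name__ == "__main__":                    # usage: python check_key.py <PEM file>
    print(inspect_pem(open(sys.argv[1]).read()))
```

The length of an encrypted key cannot be read without decrypting it, so such files are reported only as needing a password.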
Format
IMPORT-FT-KEY / FTIMPKEY

PRIVATE-KEY = *NONE / *PARAMETERS(...)
   *PARAMETERS(...)
      FILE-NAME = <filename 1..54>
      ,PASSWORD = *NONE / *SECRET / <c-string 1..64 with-low>
      ,TYPE = *PEM / *P12
,PUBLIC-KEY = *NONE / *PARAMETERS(...)
   *PARAMETERS(...)
      FILE-NAME = <filename 1..54>
Operands
PRIVATE-KEY =
Specifies whether a private key is to be imported.
PRIVATE-KEY = *NONE
No private key is imported.
PRIVATE-KEY = *PARAMETERS(...)
Defines which private key is imported.
FILE-NAME = <filename 1..54>
Name of the file which contains the private key.
PASSWORD =
Password with which the private key is protected.
PASSWORD = *NONE
The private key is not protected by a password.
PASSWORD = *SECRET
The system prompts you to enter the password. Your entry is not displayed on the screen.
PASSWORD = <c-string 1..64 with-low>
Password with which the private key is protected.
TYPE =
Type of key file whose key is to be imported.
TYPE = *PEM
The key file is available in PEM format.
TYPE = *P12
The key file contains a certificate and a private key in accordance with the standard PKCS#12 V1.0. The file is searched for a private key and any non-supported elements (e.g. certificates, CRLs) are ignored during the import. The first private key that is found in the file is imported. Any others are ignored.
If the certificate is protected by a signature or hash, then openFT does not perform a validity check. The validity of the file must be verified using other means.
PUBLIC-KEY =
Specifies whether a public key is to be imported.
PUBLIC-KEY = *NONE
No public key is imported.
PUBLIC-KEY = *PARAMETERS(...)
Defines which public key is imported.
FILE-NAME = <filename 1..54>
Name of the file which contains the public key.
Command return codes
(SC2) | SC1 | Maincode | Meaning |
0 | 0 | CMD0001 | Key pair has been imported. |
83 | 32 | CMD0221 | Internal error. |
29 | 64 | FTR1029 | Maximum number of key pairs exceeded. |
35 | 64 | FTR1035 | Command only permissible for FT administrator. |
45 | 64 | FTR1045 | Partner name not found in partner list. |
69 | 64 | FTR1065 | Key file not found. |
66 | 128 | FTR1066 | Too little storage space for the file. |
69 | 64 | FTR1069 | Error while accessing the key file. |
83 | 64 | FTR1083 | Structure of the key file not supported. |
84 | 64 | FTR1084 | Invalid password. |
85 | 64 | FTR1085 | Password not specified. |
86 | 64 | FTR1086 | Key pair already exists. |
SC1/2 = Subcode 1/2 in decimal notation.
For additional information, see section “Command return codes”.