You can import the following keys using the ftimpk command or in the openFT Explorer (Administration - Key Management):

• Private keys that were generated with an external tool (i.e. not via openFT). When importing a private key, openFT generates the associated public key and stores it in the config directory in the instance file tree, see section “Creating and administering local RSA key pairs”. This key can be used in the same way as a key generated with ftcrek and distributed to partner systems.

• Public keys of partner instances. These keys must have the openFT key format (syspkf), i.e. they must have been generated by the partner's openFT instance. openFT stores the key in the syskey directory, see section “Administering the keys of partner systems”.

Every imported key pair contains a unique reference number. RSA keys with the supported key lengths are imported (768, 1024, 2048, 3072 and 4096 bits).

openFT supports key files in the following formats:

• PEM format (native PEM)

  The PEM-coded files must be present in EBCDIC format.

• PKCS#8 format encrypted without password phrase or after v1/v2 with password phrase (PEM-coded).

  You must specify the password phrase used for encryption in the password parameter when you perform the import.

• PKCS#12 v1 format in the form of a binary file. The file is searched for a private key and any non-supported elements (e.g. certificates, CRLs) are ignored during the import. If the certificate is protected by a signature or hash then openFT does not perform a validity check. The validity of the file must be verified using other means. The first private key that is found in the file is imported. Any others are ignored.

  You must specify the password phrase used for encryption in the password parameter when you perform the import.