Creating OFTP2 System Keys

The five OFTP2 system keys are defined in the following table.

System Key | Description
TLS System Key | Used to secure the TLS connection. The TLS protocol provides encryption, so when using TLS, you typically do not need to define an encryption system key.
Authentication System Key | Used to authenticate the OFTP2 client and the OFTP2 server. This provides non-repudiation for the OFTP2 client and the OFTP2 server.
Encryption System Key | Used to decrypt data sent by the OFTP2 client. The OFTP2 client encrypts the data using the public key so that it can only be decrypted by a server with the OFTP2 private key. Generally speaking, when using TLS, you do not need to perform OFTP2 encryption, since TLS encrypts the data.
Signing System Key | Used to sign a file. Files are signed using a system key so that any target system with the associated public key can verify the signature.
EERP System Key | Used when the OFTP2 client requests an EERP (End-to-End Response).

To create an OFTP2 system key, complete the following steps.

    Procedure
  1. Go to Management > Protocol Keys > System Keys > Create Key.

    The Create System Key page is displayed.

  2. Enter the required information described in the table below:
    Parameter | Instruction
    System Key Type | OFTP2 system key.
    Description | Enter a unique description.
    Password | Enter and confirm the system key password.
    Expiration Date | Set this according to your company's standards.
    Key Size | Set to 2048 bits or higher.
    Signing Algorithm | Set to SHA-256, SHA-384, or SHA-512.
    Set as the Default key | Select this check box.
    Common Name | Set to the IP name of your OFTP2 server.
  3. After entering these fields, click Create Key to create the OFTP2 system key.

MFT supports up to five OFTP2 system keys. Not all OFTP2 system keys are required, and you can use the same OFTP2 key for multiple OFTP2 functions. If you need to create multiple OFTP2 system keys, use the Description field to record how each OFTP2 system key is used.

Note: When you define OFTP2 system keys, you should send the corresponding public key to the OFTP2 client.

Displaying OFTP2 Public Key

You can display the OFTP2 public key by following these steps:

    Procedure
  1. Go to Management > Protocol Keys > System Keys > Manage Keys.
  2. Select the OFTP2 key.
  3. Click the Public Certificate tab.
  4. Copy and paste the public certificate of the OFTP2 system key and send it to the partner.

MFT does not support the automated key exchange supported by some OFTP2 clients and servers.
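
Because the public certificate is exchanged by hand, it can be checked before it is sent or when a partner receives it. The following added example, which is not part of the product documentation, tests a PEM file against the Key Size, Signing Algorithm, Common Name and Expiration Date settings from the Create System Key table. It assumes an RSA key, a PEM export and the openssl command line; the function name check_oftp2_cert is hypothetical.

```shell
#!/bin/sh
# Added example (not product code): check an exported PEM certificate against
# the Create System Key parameters. Assumes an RSA key and the openssl CLI.
# Usage: sh check_oftp2_cert.sh CERT.pem EXPECTED_COMMON_NAME
check_oftp2_cert() {   # hypothetical helper name
    cert=$1; expected_cn=$2; rc=0
    text=$(openssl x509 -in "$cert" -noout -text 2>/dev/null) || {
        echo "FAIL: cannot parse $cert as a PEM certificate"; return 2; }

    # Key Size: 2048 bits or higher.
    bits=$(printf '%s\n' "$text" |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1)
    if [ "${bits:-0}" -ge 2048 ]; then echo "OK:   key size $bits bits"
    else echo "FAIL: key size ${bits:-unknown} bits, need 2048 or higher"; rc=1; fi

    # Signing Algorithm: SHA-256, SHA-384, or SHA-512.
    sigalg=$(printf '%s\n' "$text" |
        sed -n 's/^ *Signature Algorithm: *//p' | head -n 1)
    case $sigalg in
        *[Ss][Hh][Aa]256*|*[Ss][Hh][Aa]384*|*[Ss][Hh][Aa]512*)
            echo "OK:   signature algorithm $sigalg" ;;
        *)  echo "FAIL: signature algorithm ${sigalg:-unknown}"; rc=1 ;;
    esac

    # Common Name: must match the OFTP2 server name given to the partner (exact match).
    cn=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *//; s/.*CN=\([^,]*\).*/\1/p')
    if [ "$cn" = "$expected_cn" ]; then echo "OK:   common name $cn"
    else echo "FAIL: common name '${cn:-none}', expected '$expected_cn'"; rc=1; fi

    # Expiration Date: reject an expired certificate and show notAfter so it
    # can be compared with the company standard.
    if openssl x509 -in "$cert" -noout -checkend 0 >/dev/null; then
        echo "OK:   $(openssl x509 -in "$cert" -noout -enddate)"
    else echo "FAIL: certificate has expired"; rc=1; fi
    return $rc
}

if [ "$#" -eq 2 ]; then check_oftp2_cert "$1" "$2"; fi
```

The function returns 0 when every check passes, 1 when any setting is out of range, and 2 when the file is not a parseable PEM certificate.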