Considerations when generating keys for OFTP |
Top Previous Next |
In order to ensure interoperability with trading partners when using TLS to secure your OFTP data transfers, we suggest you take the following into consideration when generating server keys for your OFTP service.
Note: The cryptographic algorithms that will be used in OFTP TLS connections will require installation of the JCE Unlimited Strength Jurisdiction Policy Files if you're still using JDK/JRE 8, so we suggest you install those files first before generating your server keys if you're using JDK/JRE 8.
Key lengths
Generate keys with long key lengths. Although 1024-bits is still the minimum recommended key length in the OFTP2 Implementation Guideline as of this writing, several businesses who are using OFTP have already started employing 2048-bit keys.
Figure 276
Server key Advanced Settings
In OFTP, the certificate associated with the server key is normally used for the following purposes:
You can specify how a certificate will be used by ticking the appropriate check boxes in the Advanced tab of the Generate Server Key dialog.
If a certificate will be used for both digital signing and encryption, then both Digital Signature and Key Encipherment should be checked.
Figure 277
|