Introduction: OFTP with Lobster_data.

images/download/attachments/21305852/Partner_36_2_EN-version-1-modificationdate-1544673025000-api-v2.png

(1) Specifies for which subtype the channel may be used.

OFTP via ISDN.
OFTP via TCP/IP.
OFTP via TLS .

(2) Here the local certificate (with private key) is assigned. Only needed for OFTP2 to decrypt received encrypted files and to sign sent files. For OFTP2 via TLS (1), a client certificate for the TLS connection may additionally be required for outgoing connections. The local certificate will also be used for that.

In addition, the partner certificate is assigned here, i.e. the public part of the certificate of the partner to which the channel is assigned. Only needed for OFTP2 to encrypt sent files and to check received signed files.

(3) Should your local certificate or the partner certificate expire soon and you already have a corresponding new certificate, then you can add the new certificate here. Once the old certificate has expired, then the pending certificate is used.

images/download/attachments/21305852/Partner_37_1_EN-version-1-modificationdate-1544675014000-api-v2.png

(4) Specifies whether files are to be signed or encrypted when sent to the partner system. The files are signed with the signature algorithm set in (10) and the local certificate (2). The files are encrypted using the encryption algorithm set in (12) with the partner certificate (2).

(5) If the checkbox Receive signed is set, an error is generated if the received files are not signed and the files are rejected. If the checkbox Receive encrypted is set, an error is generated if the received files are not encrypted and the files are rejected.

(6) The OFTP restart functionality can be suppressed.

(7) If set, the partner requires signed receipt confirmations (EERPs, End to End Responses) for outgoing data transmissions to the partner.

(8) If this checkbox is set then only files with an additional SFID combination listed in (20) will be accepted, otherwise they will be rejected.

(9) Must be set if the automatic certificate exchange is to be used. See the corresponding section below.

(10) Determines the algorithm with which sent files are signed. The setting only works if the checkbox Send signed (4) is set.

(11) SecAuth is an authentication by client certificate. The local certificate (2) is used for that, comparable to the pubkey authentication with SSH.

(12) Determines the algorithm with which sent files are encrypted. The setting only works if the checkbox Send encrypted (4) is set.

Note: The signature and encryption algorithm specified by the partner should always be explicitly set to avoid problems in case Odette specifies a new default value.

images/download/attachments/21305852/Partner_38_2_EN-version-1-modificationdate-1544673795000-api-v2.png

(13) The directory, in which the received files or the files to be sent are stored. See also section Home Folders.

(14) The ISDN number under which Lobster_data/the partner system receives data via OFTP.

(15) The X.25 address under which Lobster_data/the partner system receives data via OFTP.

images/download/attachments/21305852/Partner_39_3_EN-version-1-modificationdate-1544677770000-api-v2.png

(16) Input field for the subject of the X.509 certificate to detect incoming partner certificates during the automated certificate exchange, e.g. *CN=OFTP2FIRMAX* or *CN=aaaa*. See the corresponding section below.

(17) Here, the name of the ODETTE TSL list is expected. This is the name of an ODETTE-maintained list of allowed certification authorities (CAs) to be accepted for automated certificate exchange. Practically, the value will always be OFTP2.

(18) The TLS encryption algorithm. This value should only be set to resolve TLS handshake issues.

(19) Here, the value can be set to 0 in virtually all cases (Credit Count, X.25 Window size, Exchange Buffer). Should other values be necessary in rare cases, please contact our support.

(20) See section Additional certificates/SFIDs below.

(21) An attempt is made to send a file TEST with the content TEST to the configured partner.

(22) Starts the pickup test (in the background) for the configured partner.

Note: The tests (14) and (15) always refer to the stored channel. Please save the channel before the test if you have made any changes.

Automatic Certificate Exchange

The exchange of local certificates in (2) and (3) can on the one hand be done manually, but it can also be carried out automatically. For this purpose, the checkbox (9) must be set.

Likewise, a partner can send you a certificate and you can enter it manually in (2) and (3). In addition, the OFTP protocol offers the possibility that the partner sends you such a certificate directly via this OFTP channel. If checkbox (9) is set and the subject in (16) matches, the partner certificate is automatically exchanged. Note: For the sake of understanding it should be mentioned that in the vast majority of cases you receive 'normal' data via OFTP, but in rare cases this data can also be a certificate (or up to 5 certificates). So the partner must tell you the appropriate subject before the exchange.

Additional Certificates/SFIDs

If checkbox (8) is not set, all incoming files via this channel will be accepted. If the checkbox is set, you can restrict the accepted files to certain SFID combinations. So a file will only be accepted if its SFID combination matches an entry in the following list.

images/download/attachments/21305852/Partner_52_EN-version-2-modificationdate-1560761113000-api-v2.png

(23) List of SFID combinations you have entered. Using the context menu, you can open, edit, delete and create an entry. See the following screenshot.

The local certificate selected in (2) is used by default both for SecAuth (11), as well as for the decryption of received data or the signing of sent data. Similarly, the partner certificate selected in (2) is used for the encryption of sent data and the signature check of received data. Only one local certificate and one partner certificate can be assigned here in the channel. However, here it is possible to assign individual certificates for these tasks for certain SFID combinations.

images/download/attachments/21305852/Partner_53_EN-version-2-modificationdate-1560761325000-api-v2.png

(24) and (25) Current (left column) and pending certificate (right column), analogous to (2) and (3).

(26) Here an individual local certificate for the encryption can be specified.

(27) Here an individual local certificate for the signing can be specified.

(28) Here an individual local certificate for the EERP signing can be specified.

(29) This whole area is for the corresponding individual partner certificates, analogous to (24)-(28). The specification of the subjects here is also used for the automatic exchange of partner certificates directly via the OFTP channel as described in the previous section. It should be noted that this exchange only occurs if the corresponding SFID combination is correct.