Private key authentication

Private key authentication (PKA) allows you to connect to your Trading Partner's remote server without exchanging your password over the Internet. PKA uses two keys: a private key that only you have, and a public key placed on the accessing server, usually by your Trading Partner's system administrator when the account is set up. In the VersaLex application, the private key portion is maintained securely in a User Certificate protected with the Certificate Password. The Certificate Alias specifies the desired User Certificate to use for PKA.

Note: You must provide your Trading Partner with the corresponding SSH Public Key using the Certificate Manager. Using options Export >OpenPGP or SSH FTP Keys select either the OpenSSH FTP Public Key or SSH FTP Public Key (IETF) format. Do not select and send the SSH FTP Private Key format to your Trading Partner.

Alternatively, you can use an existing private key file. This file should be stored in a secure place and protected with a password. This feature is applicable only if you have an existing SSH private key for authentication with your Trading Partner and you are using JRE1.3. SSH private keys have no standard format. OpenSSH, SSH FTP Public Key (IETF), PuTTY, and ssh.com all have different proprietary formats. A private key generated with one cannot immediately be used with another. The VersaLex application supports both OpenSSH and SSH FTP Public Key (IETF) private key file formats. If the private key is in a format not supported by the VersaLex application, you should export if from the application that created it in an OpenSSH format. To determine the format of your key you can simply open it using a text editor and compare it to the partial example formats listed below.

Table 1. Supported Private Key Formats
Type	Partial Example
IEFT (DSA)	---- BEGIN SSHTOOLS ENCRYPTED PRIVATE KEY ---- Comment: 1024-bit DSA Subject: John Doe AAAACDNERVMtQ0JD3yrqcRRh1OwAAAFQof0uP52Ya5iOnuVm1+G+o9TpQwXrOQfjPp0w8+GQ9uJ7
IETF (RSA)	---- BEGIN SSHTOOLS ENCRYPTED PRIVATE KEY ---- Comment: 1024-bit RSS Subject: Jonh Doe AAAACDNERVMtQ0JDEOMMw0wR0TwAAAEoUYoVJjvLn7lEnvusvbovpjscf1EDkJOMLX7HUddw8k9f
OpenSSH (RSA)	-----BEGIN RSA PRIVATE KEY----- MIICWwIBAAKBgQDzl7h/4lkzqSPR5GhpwYr5MmUL6IeiY9TAsA24dA3Xa45a0JIQ
OpenSSH (DSA)	-----BEGIN DSA PRIVATE KEY----- MIIBuwIBAAKBgQD42waNRIv7eJQoTR1PSQt+A2o8F9P1pGKLaLyw/rAg8N4FEHIN

Table 2. Unsupported Private Key Formats
Type	Partial Example
PuTTY	PuTTY-User-Key-File-2: ssh-rsa Encryption: none Comment: rsa-key-20070808 Public-Lines: 4 AAAAB3NzaC1yc2EAAAABJQAAAIBw8VeSCq0goiOwWqrlMu7H+N1QXAcBPdmvYttw
SSH.COM	---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---- Comment: "rsa-key-20070808" P2/56wAAAiwAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS

Table 2. Unsupported Private Key Formats

Type

Partial Example

PuTTY

PuTTY-User-Key-File-2: ssh-rsa
Encryption: none
Comment: rsa-key-20070808
Public-Lines: 4
AAAAB3NzaC1yc2EAAAABJQAAAIBw8VeSCq0goiOwWqrlMu7H+N1QXAcBPdmvYttw

SSH.COM

---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ----
Comment: "rsa-key-20070808"
P2/56wAAAiwAAAA3aWYtbW9kbntzaWdue3JzYS1wa2NzMS1zaGExfSxlbmNyeXB0e3JzYS