Cornerstone MFT Server can use Secure File Transfer Protocol (SFTP), a Host Key Authentication method which adds Secure Shell (SSH) protection to your data transfers. This is Public Key Infrastructure (PKI), which is the use of a key pair made up of a public and private key to encrypt data. The public key can be disseminated by the key pair owner, and any recipient can use it to encrypt data. That data can then only be decrypted by the matching private key the owner keeps secret.

Both the client and server using SFTP should generate a separate host key pair and exchange public keys. Both parties can then send encrypted data that can only be decrypted by the intended recipient.The client host key pair should be exported and sent to the Cornerstone Administrator in .pub format.Cornerstone will import it into the Host Key Database.

While it is possible to use the Host Key Management features in Cornerstone MFT to create user host key pairs for your clients, it is highly discouraged. It’s difficult to ensure the integrity of the transfer from the server computer to the client computer. If it is impossible to have clients create their own host keys, ensure your transfer is secure. Export the keys to an encrypted USB drive, or encrypt the files onto a DVD/CD ROM and physically hand deliver them to the client. Never email the host key files to the user. Email is natively unsecure; there is no way to ensure the integrity of the files during electronic transfer. Never share or send your private key to anyone; this will compromise the integrity of your host key pair. It’s good practice to password protect your private key as well, and Cornerstone MFT requires this.

Note that Cornerstone can only read OpenSSH format keys.

For more in-depth information on creating and configuring an SFTP server or creating, importing, and assigning host keys, see our Cornerstone SSH Host Key Authentication QuickStart.