As long as the application (MFT) doesn't need to actively decrypt/encrypt the private key as it reads it, I don't see a problem with this.
I.e., if the encryption/decryption is managed by the OS and applications don't need to take part, MFT would be fine.
But if you need MFT to decrypt/encrypt the private key file as it is being read, I don't think that is possible with the current version. I'm not aware of a user-exit that can be enabled to have MFT perform any customized actions while it is reading the private key.
BTW, the new Centralized Connection Profile (CCP) feature coming in v20, which supports MFT CPs, stores CPs in the EM and CTMS databases. It therefore may also include storing the private key in the database, and then the need to encrypt the keys at rest on the file system goes away. Might be worth asking someone from BMC to confirm if storing the MFT Private SSH Keys in the EM/CTMS DBs will be part of CCP?
Thank you Bentze. I'll check with BMC about how this is handled in V20....