How to use SFTP (choosing algorithms)

In SSHFTPClient the algorithms that the client presents to the server for negotiation can be specified if required. The server will have its own set of preferred algorithms configured, and the protocol chooses one of the algorithms supported by both client and server.

Several types of algorithms can be specified: the preferred public key algorithms, which control the type of the server-supplied public key (key-pair algorithms); the preferred cipher algorithms (used to encrypt data); the MAC algorithms (used to authenticate messages); and the key-exchange algorithms (for establishing keys between client and server).

The latter two types (MAC and key-exchange) are beyond the scope of this documentation. SSHFTPClient is already configured with all its available algorithms. The main reason for modifying them is to restrict the algorithms being used.

The SSHFTPAlgorithm class defines the types of algorithms and lists the currently supported algorithms in edtFTPj/PRO. Various methods on SSHFTPClient list and control which algorithms are available.

To list all available algorithms of all types, use getEnabledAlgorithms. To disable all algorithms of all types, use disableAllAlgorithms.

Public key algorithms

DSA, RSA, or both can be set as the preferred public key algorithms for server authentication. If, for example, RSA is set, the server will present an RSA public key to the client (provided the server supports RSA keys; some servers do not). The code below illustrates how to set RSA only. It first disables all key-pair algorithms, then enables RSA:

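// ftp is an SSHFTPClient instance; set this up before connecting
ftp.disableAllAlgorithms(SSHFTPAlgorithm.KEY_PAIR);       // turn off every key-pair algorithm
ftp.setAlgorithmEnabled(SSHFTPAlgorithm.KEY_RSA, true);   // re-enable RSA only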

The default is both DSA and RSA enabled.

Cipher algorithms

The cipher algorithms are the symmetric algorithms used to perform the encryption of the SFTP data and commands. The code below illustrates how to set triple DES as the cipher algorithm (disabling all others):

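// ftp is an SSHFTPClient instance; set this up before connecting
ftp.disableAllAlgorithms(SSHFTPAlgorithm.CIPHER);                  // turn off every cipher
ftp.setAlgorithmEnabled(SSHFTPAlgorithm.CIPHER_3DES_CBC, true);    // re-enable triple DES (CBC) only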

The default is all cipher algorithms enabled.
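
The negotiation rule behind this restriction, shown as an added example that is not part of the original documentation and is not edtFTPj/PRO code: for ciphers, SSH (RFC 4253, section 7.1) picks the first name on the client's list that the server also lists, and both sides disconnect if there is none. The class name, helper methods and name-lists are constructed for illustration.

```java
import java.util.Arrays;
import java.util.List;
import java.util.Optional;

// Added illustration; not edtFTPj/PRO code. Models the cipher selection
// rule of RFC 4253 section 7.1 on constructed name-lists.
public class CipherNegotiationDemo {

    // The chosen cipher is the first name on the client's list that the
    // server also lists. An empty result means both sides must disconnect.
    static Optional<String> negotiate(List<String> client, List<String> server) {
        return client.stream().filter(server::contains).findFirst();
    }

    static void show(String label, List<String> client, List<String> server) {
        String result = negotiate(client, server)
                .orElse("no common cipher, connection fails");
        System.out.println(label + ": " + result);
    }

    public static void main(String[] args) {
        // Constructed sample lists using standard SSH cipher names.
        List<String> allClient =
                Arrays.asList("aes128-ctr", "aes128-cbc", "3des-cbc", "blowfish-cbc");
        List<String> restricted = Arrays.asList("3des-cbc");
        List<String> serverA = Arrays.asList("3des-cbc", "aes128-cbc");
        List<String> serverB = Arrays.asList("aes256-ctr", "aes128-ctr");

        // Client order decides: serverA lists 3des-cbc first, but the
        // client's list reaches aes128-cbc before 3des-cbc.
        show("all ciphers vs serverA", allClient, serverA);
        // A client list of one name forces that cipher when the server has it.
        show("3des-cbc only vs serverA", restricted, serverA);
        // The same restriction leaves no overlap with serverB.
        show("3des-cbc only vs serverB", restricted, serverB);
    }
}
```

The third case is why a restricted list should be checked against what the target server offers before it is deployed.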