Administrators of interface services: Incomes Register will change SFTP encryption settings on 15 February 2021

6/17/2020

The Incomes Register will change the encryption settings of the technical interface's SFTP channel. All parties who administer the interface services connected to the Incomes Register system must take the stricter encryption algorithms into account in their own implementation. The changes will be taken into use in the Incomes Register's EXT testing environments on 9 November 2020. In production, they will become effective on 15 February 2021.

The new settings are updated in the 2021 document Technical interface – Application guidelines 2021 (pdf).

The Incomes Register's SFTP channel uses an SSH connection. The party's system must use version 2 of the SSH protocol to establish a connection. In order to establish connection, the system must support at least one algorithm in each four groups.

Key exchange algorithms:

  • curve25519-sha256@libssh.org
  • curve25519-sha256
  • ecdh-sha2-nistp521
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp256
  • diffie-hellman-group16-sha512
  • diffie-hellman-group15-sha512
  • diffie-hellman-group17-sha512
  • diffie-hellman-group18-sha512

Server's public key:

  • ssh-rsa
  • rsa-sha2-512
  • rsa-sha2-256

Encryption algorithms:

Integrity algorithms:

The server's public key and its seal are published on the page Interface's production addresses. The page also includes all the addresses of the Incomes Register's interface services.