Using GPG/RSA Encryption Keys to Guarantee the Privacy and Security of Your Reports

Background: 

In order to ensure the privacy and security of your Reports and Statements, IBKR offers the following file delivery options:

A. sFTP (Secure FTP) - Recommended solution

  • We can send you Reports using the sFTP (Secure FTP) protocol on non-standard TCP port 32.
  • sFTP is a network protocol that utilizes SSH (Secure Shell) for the transfer, management, and access of files through an encrypted data stream.
  • Key based authentication is required. You will authenticate against our sFTP server through a unique RSA - 2048-bit public/private key pair, generated directly by you. We will use only your public key as authentication method for our sFTP server. Since the two keys are mathematically linked, only the private key holder (you) will be able to access the data.
  • PGP encryption1 is optional.

B. Email with PGP (Pretty Good Privacy) Encryption

  • We can encrypt your Reports using PGP (Pretty Good Privacy) certificates and send you those reports via email.
  • PGP encryption1 is optional but recommended. If you opt to receive your Reports via email without encryption, any account sensitive data will be masked.

C. Plain FTP with PGP (Pretty Good Privacy) Encryption

  • We can send you Reports using the regular FTP protocol on standard TCP port 21.
  • PGP encryption1 is required. We can encrypt your Reports using PGP (Pretty Good Privacy) certificates.

Note 1: PGP encryption is based on a private/public key pair, which is unique and generated directly by you. We will use only your public key to encrypt your Reports. Since the two keys are mathematically linked, only the private key holder (you) will be able to decrypt the files.

 

To start the process, please select one of the options below according to the way you wish to access your Reports:

 

 

A. I Want to Receive my Reports via Secure FTP (sFTP)

When electing to receive your Reports through the IBKR hosted sFTP, please follow the steps below:

1) Install a FTP application. There are many free FTP application suites that can be used, like FileZilla or WinSCP.

2) Generate a public/private RSA key pair. Please follow the procedure below according to the Operating System you use:

3) Open a Web Ticket (via Client Portal -> Help -> Support Center) as follows:

  • Write "Attn. Reporting Integration Team" in the subject.
  • Write a short request for a IBKR hosted plain FTP in the message body
  • Write the IP Address(es) your connection will originate from in the message body
  • Paste the content (the alphanumeric string) of your RSA public key file in the message body

Alternatively, you can provide these same elements listed above via email to the Reporting Integration Team. Include the last 4 digits of your IBKR Account number in the email subject.

Note: We will not accept your public key if you have included as well your private key. Please be sure to send us only the public part of the key pair.

4) IBKR will notify you within 1-2 business days, once your sFTP site has been set up.

5) Set your RSA key pair as authentication method for your sFTP client. Please follow the procedure below according to the Operating System you use:

 

B. I Want to Receive my Reports via Email with PGP Encryption

When electing to receive emails that contain encrypted data from IBKR, please follow the steps below:

1) Generate a PGP key pair in order to decrypt the files. Please follow the procedure below according to the Operating System you use:

2) Open a Web Ticket (via Client Portal -> Help -> Support Center) as follows:
  • Write "Attn. Reporting Integration Team" in the subject
  • Paste the content (the alphanumeric string) of your PGP public key file in the message body
Alternatively, you can send an email to the Reporting Integration Team. Include the last 4 digits of your IBKR Account number in the email subject and attach your PGP public key.

Note: We will not accept your public key if you have included as well your private key. Please be sure to send us only the public part of the key pair.

3) IBKR will notify you once your public key was imported on our systems. You will then enable the encryption for email file delivery from your Client Portal.

4) Use your key pair to decrypt the emails with the encrypted attachment/s. Please follow the procedure below according to the Operating System you use:

 

C. I Want to Receive my Reports via FTP with PGP Encryption

When electing to receive your Reports through the IBKR hosted sFTP, please follow the steps below:

1) Generate a PGP key pair in order to decrypt the files. Please follow the procedure below according to the Operating System you use:

2) Open a Web Ticket (via Client Portal -> Help -> Support Center) as follows:
  • Write "Attn. Reporting Integration Team" in the subject
  • Write a short request for a IBKR hosted plain FTP in the message body
  • Paste the content (the alphanumeric string) of your PGP public key file in the message body

Alternatively, you can provide these same elements listed above via email to the Reporting Integration Team. Include the last 4 digits of your IBKR Account number in the email subject.

Note: We will not accept your public key if you have included as well your private key. Please be sure to send us only the public part of the key pair.

3) IBKR will notify you once your public key has been imported on our systems. You will then enable the encryption for FTP file delivery from your Client Portal.

4) Access our FTP site and use your PGP key pair to decrypt the files you receive. Please follow the procedure below according to the Operating System you use:

 

Additional procedures

 

References

KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another