Generate RSA Key Pair on Windows

Those instructions apply to users who are receiving their statements via sFTP. If you elected to receive your statements in that way, you would first need to generate an RSA Key pair. Here is how to do that:

1. Download WinSCP and PuTTYgen.

2. Run the installer and make sure to check PuTTYgen (key generator) as one of the components to install.

3. Start WinSCP and PuTTYgen.

4. On Puttygen, click Generate.  Enter your sFTP username in the Key Comment field, select RSA as Type of key to generate, 2048 as Number of bits in generated key and click on the button Generate.

5. Click on "Save private key" and give the file a name (like private). Leave the extension as .ppk  ('ale.ppk', in the picture below is an example filename):

6. Open WinSCP, create a new connection and:
  • Select SFTP as File protocol.
  • Enter xfer.interactivebrokers.com in the Host name field.
  • Enter 32 in the Port number field.
 
7. Click on the button Advanced.

8. In the Advanced Site Settings screen, left side menu, expand SSH and select Authentication. Click on the button ... at the end of the field Private Key file and open the private key you previously saved at point 5):

9. Click on the button Display public key:
 
10. Click on the button Copy Key.

11. Open Notepad, press CTRL+V to paste the key string (which is one string of characters without spaces) and then save the file with the name public.key in a folder of your preference:


12. Send the file you saved at the previous step as an email attachment to Sales Engineering team.
In the same email, please indicate as well all IP Addresses from which you will access our SFTP Server so we can whitelist them. Please include as well your Account number in the email Subject.
 
13. In the WinSCP Window, click on "OK" in the information pop-up showing the key, then "OK" in the Advanced Site Settings screen, then click on Save to save the new connection you have created.
 
14. Once the IB Sales Engineering Team has configured the parameters for your connection on our servers, you will be able to access your SFTP repository by using the connection you have created.
 
Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

Decrypting Reports using your PGP Key pair on macOS

Note: this tutorial assumes you have received Reports via email that were encrypted with the public key you sent us. If you need guidance to set up the encrypted statement delivery, please refer to this article, which is a prerequisite to the instructions below.

1. Open Finder

2. Right click on the .gpg file you want to decrypt

3. Select Services > OpenPGP: Decrypt File

 

Common Issues/Questions

  • Decryption failed with error 'No Secret Key'

This is commonly caused when the wrong encryption key is used to decrypt the file.  If decryption is being done on a computer other than the original computer used to create the public/private keys, the keys would have to be transferred from the original computer to the new computer

If the above does not help, then a new public/private key pair needs to be created and sent to us.

 

Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4407 - Generate RSA Key Pair on Windows
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

Generate a key pair using GPG Suite on macOS

If you elected to receive your statements in an encrypted form, you would first need to generate a RSA Key pair. Here is how to do that:

1. Download the GPG Suite for macOS

2. Double click on the downloaded installation file

3. Click on Install

4. Click Continue

5. Click on Install

6. Click Install

Note: By default the installation includes an add-on for Apple Mail called GPG Mail. If you don't use Apple Mail and do not need this add-on, you can de-select it during this step

7. Click on Close

 

8. Launch GPGTools. The Create new key pair dialog box should automatically open. Input your Full Name, your Email and choose a Password. PLEASE NOTE: Keeping a secure copy of this password is essential. Any loss of this password will require the whole process to be repeated again.
 
9. Expand Advanced options and make sure that:
Key type is set as RSA and RSA
Length is set to 2048
Key expires checkbox is NOT activated
 
10. Click on the button Create Key
 

11. Once the key pair is created it will be listed in your Key ring. Right click on it and select Export...

12. Choose a location to save the key pair in the Where field and make sure the checkbox Include secret key in exported file is deactivated. Click on Save.

13. You will receive a prompt indicating that the key pair was created successfully. Click on No, Thanks! to prevent uploading the public key to the PGP servers.

14. Open Finder and go to the location you selected for saving the public key (at point 12).

15. Send the public key file as email attachment to the Sales Engineering team. Include your account number in the email Subject. If you are creating the key to access our sFTP service, please make sure to include in the email the IP Address/es your connection will originate from so we can whitelist them.

 

Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

Generate a key pair using GPG for Windows

Generate a key pair using GPG for Windows

1. Download the GPG Installer for Windows

2. Run the installer, and make sure to tick GPA as one of the sub components to include

3. Start the GPA program

 
4. Click Generate Key when you see the below screen
 
 
5. Enter your full name
 
 
6. Enter your full email address
 
 
7. You will be asked to enter a pass phrase for your key and once you enter it, you will be asked to enter it once again to confirm on another dialog window. PLEASE NOTE: Keeping a secure copy of this password is essential. Any loss of this password will require the whole process to be repeated again.
 
8. A directory browser window will appear asking you to specify the location of the backup of your secret key. If may or may not look like the below image. You secret key is used to decrypt the sensitive information we send to you
 
9. Once you have created your key and saved a backup, you should see the main screen. If the program crashes or something else happens, you can always start the GPA program again. Now take a look at the main screen of the GPA program, you should see you key listed there, similarly to the image below. Please make sure the key never expires and is of a type RSA 2048 bit
 
 
10. Export your public key to a file. Select the key from the list with a single left click of the mouse. Then right click and choose export.
 
11. Navigate to the directory where you want to save your backup key. Choose a name such as publickey.asc then click Save. 
 
12. You will receive a message confirming where the key was exported. Click the Close button on this dialog
 
 
13. Finally open the Windows File Explorer and navigate to the directory. Send the public.asc file to us as an email attachment to salesengineering@ibkr.com Include your account number in the email Subject
 
 
 
References

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

 

 

Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports

Background: 

Interactive Brokers lets you decide how you want to ensure the privacy and security of your Reports and Statements. We offer the following options:

  • We can encrypt your Reports using PGP (Pretty Good Privacy) certificates and send you those reports via email. PGP is based on a private/public key pair, which is unique and generated directly by you. We will use only your public key to encrypt your Reports. Since the two keys are mathematically linked, only the private key holder (you) will be able to decrypt the files.
  • We can send you clear text (not encrypted) Reports and Statements using the Secure FTP (sFTP) protocol. sFTP is a network protocol that utilizes SSH (Secure Shell) for the transfer, management, and access of files through an encrypted data stream. You will authenticate against our sFTP server through a unique RSA - 2048 bit public/private key pair, generated directly by you. We will use only your public key as authentication method for our sFTP server. Since the two keys are mathematically linked, only the private key holder (you) will be able to access the data.

 

To start the process, please select one of the options below according to the way you wish to access your Reports:

 

I want to receive my encrypted statement/s via email

When electing to receive emails that contain encrypted data from IBKR, you will need to:

1) Generate a PGP key pair in order to decrypt the files. Please follow the procedure below according to the Operating System you use:

2) The IBKR Sales Engineering Team will set the parameters for the file encryption. This will ensure the public key you sent us is used for encrypting your files.

3) Once you have started receiving the emails with the encrypted attachment/s, you can use your key pair to decrypt them. Please follow the procedure below according to the Operating System you use:

 

I want to use the Secure FTP (sFTP) system to access my repository and download the clear text (not encrypted) statement/s

When electing to receive your Reports through the IBKR hosted sFTP, you will need to:

1) Install a FTP application. There are many free FTP application suites that can be used. One example is FileZilla

2) Generate a public/private RSA key pair and send us your public key along with the IP Address/es your connection will originate from. Please follow the procedure below according to the Operating System you use:

3) The IBKR Sales Engineering Team will set the parameters for the sFTP connection. This will ensure the public key you sent us is used for encrypting the sFTP data stream

4) Once the IBKR Sales Engineering Team has set up your SFTP repository, you can set your RSA key pair as authentication method for your sFTP client. Please follow the procedure below according to the Operating System you use:

 

Additional procedures

 

References

KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 

 

How to solve: "Another user is running Tax Optimizer"

Background: 
How do I launch the Tax Optimizer?
To launch Tax Optimizer, login to Client Portal and select Reports followed by Tax Documents. Once you have selected a Day, click on Launch Tax Optimizer. For additional details, please consult the Client Portal Users' Guide
 
Requirements:
  • Tax Optimizer requires the presence of a Java Runtime Environment (JRE) installed on your machine. Should you not have a JRE installed, please go to the web page java.com and install the latest one by clicking the button "Free Java Download". Please follow the instructions on the Java download page to complete the installation.
  • Your operating system should be configured to open the .jnlp files within the Java Runtime Environment. This configuration should be automatically set during the JRE installation. If, for some reason, the file association is broken, we recommend to reinstall the JRE to instate it again.

 

How to overcome the error message "Another user is running Tax Optimizer"?

1. Log in to the IBKR Client Portal
 
2. Click the "Profile icon" in the upper right corner of the IBKR Client Portal and click on Log Out
 
3. Continue selecting one of the two options according to your operating system:

 

If you use Windows

a. Press CTRL + ESC on your keyboard
 
b. Start directly typing the word "Java" and then click on Configure Java from the search results
 
c. In the Java Control Panel, click on Settings...
 
d. Click on the Delete Files...
 
e. This will open Delete Files and Applications window. Check all options listed, then click on OK
 

f. Once you have cleared your Java cache, log back into the Client Portal and try launching Tax Optimizer again. You should now be able to open the application. If you are still not able to launch the Tax Optimizer and you receive the same error as before (Another user is running Tax Optimizer), please perform the additional steps below:

g. Press the key combination Win(Windows Key) + E  and navigate to the directory: C:\Users\<your windows user>\ibto

 
h. Select all files in the ibto folder, right-click on the selection and choose Send to > Compressed (zipped) folder. The zipped file will be created in the same ibto directory
 
i. Compose a New Ticket in the Message Center, informing us of this issue. Please attach the Zip file you created at the previous step (h.) to your ticket
 
 
 

If you use Mac OS

a. Click on Apple icon on the top left and select System Preferences
 
b. Click on the Java icon located at the bottom to open the Java Control Panel
 
c. In Java Control Panel, navigate to Web Settings > Temporary Files Settings, then click on Delete Files
 
d. This will open the Delete Files and Applications window. Check all options listed, then click on OK
 

e. Once you have cleared your Java cache, log back into the Client Portal and try launching Tax Optimizer again. You should now be able to open the application. If you are still not able to launch the Tax Optimizer and you receive the same error as before (Another user is running Tax Optimizer), please perform the additional steps below:

 

f. Press the key combination CMD + SHIFT + H, then go to folder ibto
 
g. Select all files in the ibto folder, right-click and select Compress 6 ItemsThe zipped folder will be created in the same directory
 

h. Compose a New Ticket in the Message Center, informing us of this issue. Please attach the Zip file you created at the previous step (g.) to your ticket

 

References:

 

Create a Custom Statement with Lot Details

Overview: 

You can create a statement with Lot Details through the Custom Statements screen in Client Portal/Account Management.

New Client Portal

1. Click Reports > Statements.

The Statements screen will populate.

2. In the Custom Statements panel, click the + icon.

The Activity Statement Template screen will populate.

3. Click the + icon to create a new statement template.

4. In Activity Statement Details, enter a name for your custom statement, and select an output format and language. It will ask you to select a time Period as well, but this can be modified when you run the statement.

5. In Sections, click each section that you want to appear in your custom statement. Selected sections will appear with a check mark. The Open Positions section is where Lot Details will be located, so be sure to choose this option.

6. In Section Configurations, please select which options you wish to turn on in your custom statement. In order to ensure Lot Details are on the statement, select “NO’ for “Hide Details for Positions, Trades, and Client Fees Sections?”.

7. Click CONTINUE.

8. Review your statement template and click Create.

You can now run your new custom statement from the Run a Statement panel on the Statements screen.

 

Classic Account Management

1. Click Reports > Activity > Statements.

The Statements screen will populate.

2. Click on the blue “Customize Statements” header.

The Customize Statements section will expand/populate.

3. Select “Create New” from the first drop down menu, and enter a name for your custom statement in the “Statement Name” field.

4. In Default Sections, click each section that you want to appear in your custom statement. Selected sections will appear with a check mark. The Open Positions section is where Lot Details will be located, so be sure to choose this option.

5. In Section Configurations, please select which options you wish to turn on in your custom statement. In order to ensure Lot Details are on the statement, UNCHECK THE BOX for “Hide Details for Positions, Trades, and Client Fees sections”.

6. Select your Profit and Loss Type, Statement Type (should be Activity Statement), Account number(s), Activity Period, Format, and Language from the drop down menus. While the system does ask you for a preferred Activity Period, this can be modified when you run the statement.

7. Click Save.

You can now run your new custom statement from View Statements panel on the Statements screen by selecting your new custom statement from the “Statements” drop down menu.


 

How to update the US Social Security Number (SSN) or Individual Taxpayer Identification Number (ITIN) on your account

Background: 

If you have been informed or believe that your account profile contains an incorrect US SSN/ITIN, you may simply log into your Account Management to update this information. Depending on your taxpayer status, you can update your US SSN/ITIN by modifying one of the following documents:

1) IRS Form W9 (if you are a US tax resident and/or US citizen holding a US SSN/ITIN)

2) IRS Form W-8BEN (if you are a Non-US tax resident holding a US SSN/ITIN)

Please note, if your SSN/ITIN has already been verified with the IRS you will be unable to update the information. If however the IRS has not yet verified the ID, you will have the ability to update through Account Management. 

 

How to Modify Your W9/W8

1) To submit this information change request, first login to Account Management

2) Click on the Settings section followed by Account Settings

 

3) Find the Profile(s) section. Locate the User you wish to update and click on the Info button (the "i" icon) to the left of the User's name

 

4) Scroll down to the bottom where you will see the words Tax Forms. Next to it will be a link with the current tax form we have for the account. Click on this tax form to open it

 

5) Review the form. If your US SSN/ITIN is incorrect, click on the UPDATE button at the bottom of the page

 

6) Make the requisite changes and click the CONTINUE button to submit your request.

 

7) If supporting documentation is required to approve your information change request, you will receive a message.  Otherwise, your information change request should be approved within 24-48 hours.

Common Reporting Standard (CRS)

The Common Reporting Standard (CRS), referred to as the Standard for Automatic Exchange of Financial Account Information (AEOI), calls on countries to obtain information from their financial institutions and exchange that information with other countries automatically on an annual basis. The CRS sets out the financial account information to be exchanged, the financial institutions required to report, the different types of accounts and taxpayers covered, as well as common due diligence procedures to be followed by financial institutions. For more information about CRS, please visit the OECD website.

Interactive Brokers entities comply with the requirements of CRS as implemented in the jurisdictions where they are located, and report account information to the applicable government authorities. Clients reported by Interactive Brokers under CRS will receive a CRS Client Report in the Client Portal shortly after the reporting deadlines specified below. The CRS Client Report provides an overview of the information that was reported by Interactive Brokers.

  • What information is reported under CRS:
    • Account number
    • Name
    • Address
    • Tax ID Number
    • Tax residency country
    • Date of birth
    • Year-end account balance
    • Gross proceeds (all sales)
    • Interest income
    • Dividend income
    • Other income
  • When and where is the information reported:
    • Interactive Brokers Australia Pty. Ltd. reports to the Australian Taxation Office (ATO) by July 31.
    • Interactive Brokers Canada Inc. reports to the Canada Revenue Agency (CRA) by May 1.
    • Interactive Brokers Central Europe Zrt. reports to the National Tax and Customs Administration of Hungary (NAV) by June 30.
    • Interactive Brokers Hong Kong Limited reports to the Inland Revenue Department of Hong Kong SAR (IRD) by May 31.
    • Interactive Brokers India Pvt. Ltd. reports to the Reserve Bank of India/Central Board of Direct Taxes (RBI/CBDT) by May 31.
    • Interactive Brokers Ireland Limited reports to the Office of the Revenue Commissioners of Ireland by June 30.
    • Interactive Brokers Securities Japan Inc. reports to the National Tax Agency of Japan (NTA) by April 30.
    • Interactive Brokers Singapore Pte. Ltd. reports to the Inland Revenue Authority of Singapore (IRAS) by May 31.
    • Interactive Brokers U.K. Limited reports to Her Majesty's Revenue and Customs of the United Kingdom (HMRC) by May 31.
  • Additional Notes:
    • Information relating to clients of Introducing Brokers is not reported by Interactive Brokers. Introducing Brokers are responsible for their own reporting under CRS.
    • Accounts held by Interactive Brokers LLC are not reported under CRS as the United States has not signed the CRS.

Market Data Non-Professional Questionnaire

Overview: 

Insight into completing the new Non-Professional Questionnaire.

Background: 

The NYSE and most US exchanges require vendors to positively confirm the market data status of each customer before allowing them to receive market data. Going forward, the Non-Professional Questionnaire will be used to identify and positively confirm the market data status of all customer subscribers. As per exchange requirements, without positively identifying customers as non-professional, the default market data status will be professional. The process will protect and maintain the correct market data status for all new subscribers. For a short guide on non-professional definitions, please see ibkb.interactivebrokers.com/article/2369.

Each question on the questionnaire must be answered in order to have a non-professional designation. As exchanges require positive confirmations of proof for non-professional designations, an incomplete or unclear Non-Professional Questionnaire will result in a Professional designation until the status can be confirmed. 

If the status should change, please contact the helpdesk.

Explanation of questions:

1)    Commercial & Business purposes

a)    Do you receive financial information (including news or price data concerning securities, commodities and other financial instruments) for your business or any other commercial entity?

Explanation: Are you receiving and using the market data for use on behalf of a company or other organization aside from using the data on this account for personal use?

b)    Are you conducting trading of any securities, commodities or forex for the benefit of a corporation, partnership, professional trust, professional investment club or other entity?

Explanation: Are you trading for yourself only or are you trading on behalf of an organization (Ltd, LLC, GmbH, Co., LLP, Corp.)?

c)    Have you entered into any agreement to (a) share the profit of your trading activities or (b) receive compensation for your trading activities?

Explanation: Are you being compensated to trade or are you sharing profits from your trading activities with a third party entity or individual?

d)    Are you receiving office space, and equipment or other benefits in exchange for your trading or work as a financial consultant to any person, firm or business entity?

Explanation: Are you being compensated in any way for your trading activity by a third party, not necessarily by being paid in currency.

2)    Act in a capacity

a)    Are you currently acting in any capacity as an investment adviser or broker dealer?

Explanation: Are you being compensated to manage third party assets or compensated to advise others on how to manage their assets?

b)    Are you engaged as an asset manager for securities, commodities or forex?         
 

Explanation: Are you being compensated to manage securities, commodities, or forex?

c)     Are you currently using this financial information in a business capacity or for managing your employer’s or company’s assets?

Explanation: Are you using data at all for a commercial purposes specifically to manage your employer and/or company assets?

d)    Are you using the capital of any other individual or entity in the conduct of your trading?

Explanation: Are there assets of any other entity in your account other than your own?

3)    Distribute, republish or provide data to any other party

a)    Are you distributing, redistributing, publishing, making available or otherwise providing any financial information from the service to any third party in any manner?

Explanation: Are you sending any data you receive from us to another party in any way, shape, or form?

4)    Qualified professional securities / futures trader

a)    Are you currently registered or qualified as a professional securities trader with any security agency, or with any commodities or futures contract market or investment adviser with any national or state exchange, regulatory authority, professional association or recognized professional body? i, ii
YES☐             NO☐

i) Examples of Regulatory bodies include, but are not limited to,

  • US Securities and Exchange Commission (SEC)
  • US Commodities Futures Trading Commission (CFTC)
  • UK Financial Service Authority (FSA)
  • Japanese Financial Service Agency (JFSA)

ii) Examples of Self-Regulatory Organization (SROs) include, but are not limited to:

  • US NYSE
  • US FINRA
  • Swiss VQF 
Syndicate content