This topic describes how to implement Axway Trusted File encoding. Transfer CFT in conjunction with Trusted File enables you to send encoded files in S/MIME, CMS, and OpenPGP format, for increased security for data exchanges. To initiate this additional security, Transfer CFT delivers a set of samples and certificates to implement Trusted File in your environment. To get started using Trusted File with Transfer CFT, read the following sections:

The topic Delivered files and certificates describes the scripts, conversion tables, files and samples delivered with Transfer CFT.


  • TrustedFile is not supported on 64-bit versions of Windows-x86 and Windows-ia64.
  • You cannot use Central Governance to manage TrustedFile functionality with Transfer CFT.

Before you start

In Transfer CFT you use the CFTTF utility, referred to as XPPTF in Trusted File, to perform secured exchanges. To use this functionality your Transfer CFT key must include the Trusted File option. The Transfer CFT key is located in the file: $CFTDIRRUNTIME/conf/cft.key. If your product key does not include the Trusted File option if you try to execute the CFTTF program, an error will occur and an error message is displayed in the CFTLOG file: CFTR19E XPPCFG_Error_#20:_Invalid_product_key.

Transfer CFT delivers useable examples that automatically implement Trusted File in your preprocessing and post processing flow. The next section describes the delivered samples.

Understanding the delivered sample configuration file

The Transfer CFT sample configuration file conf/cft-tcp.conf includes the TrustedFile IDF as shown here.

  • The delivered procedures are called during the preprocessing phase to encode the file (tf_and cipher.cmd), and delete the encoded file after sending (tf_delfile.cmd).
  • The post processing script decodes on the receiving side (tf_decipher.cmd).

Defining the unified configuration parameters

The Transfer CFT installation process automatically sets the following Transfer CFT unified configuration parameters to enable TrustedFile functioning. For information on uconf, see About the Unified Configuration.

Parameter (uconf) Default values Description
tf.proofslocation <HOME>/Axway/Transfer_CFT/runtime/data/tf References the absolute path to the directory that the product uses to generate proofs
tf.proofsenabled yes Indicates whether proofs are enabled or not. This field takes the value yes or no (yes by default). If the value is set to no, the generation of proofs is deactivated
tf.messageslocation <HOME>/Axway/Transfer_CFT/home/distrib/tf/english Indicates whether proofs are enabled or not. This field takes the value yes or no (yes by default). If the value is set to no, the generation of proofs is deactivated
tf.entitieslocation $HOME/Axway/Transfer_CFT/runtime/conf/tf/entities.xml

Indicates the Trusted File configuration path.

If the tf.entitieslocationtype is:

  • Local: Points locally to the entities.xml file by default
  • Remote: Configures the PassPort PS server host and listening port. Enter the same values that are used in the unified configuration for the following PassPort values:
    <xppServer host=" pki.passport.hostname">, <xp3Protocol port=" pki.passport.port">
    Example<xppServer host="">, <xp3Protocol port="7000">

See Unified Configuration: PKI PassPort PS.

tf.entitieslocationtype local

Defines the type of Trusted File configuration. The configuration path is defined in tf.entitieslocation.

  • Local: Indicates that Trusted File is configured in standalone mode (locally)
  • Remote: Indicates that Trusted File is configured with PassPort PS using the PassPort PS host and listening port
tf.defaultlocalcharset ISO-8859-1 Default character set for the platform
tf.transcodingtablelocation <HOME>/Axway/Transfer_CFT/runtime/conf/tf/transcoding.tbl Absolute path to the character set conversion reference table
tf.overwritemode enable Defines how Axway TrustedFile behaves when it must open an existing plain file, acknowledgement or envelope in write mode. If this element is set to the value yes or enable, Axway TrustedFile overwrites the existing output files. Otherwise, it does not open the files and interrupts the current operation with an error message. Its default value is enable
tf.enablepasswordcipher yes Indicates that entities passphrases, either in the entities definition file (entities.xml) or in the operation description file, are stored in a ciphered format.

Command example

Use the SAPPL variable to define the type of security format to use to encode the file. Note that you must use the same security format as your partner (possible values are CMS, PGP, and S/MIME).


To encode/decode messages using PGP, use the format:

CFTUTIL send part=loop,idf=trusted_file, SAPPL=pgp

Not supported

When using TrustedFile with Transfer CFT, some TrustedFile functionalities are not delivered or available as described in the TrustedFile documentation. These include:

  • Overview: Graphical user interface (not delivered in the package)
  • Configuration sample: Encoding and decoding files with Java API
  • C-API

Related topics

Related Links