Updated on November 20, 2024
The Partner Key Management (PKM) process is used by J.P. Morgan as a way to verify that the credentials submitted for activation on the Host-to-Host servers not only meet the requirements for validity period and key strength, but also that they have been submitted by persons duly authorized by the client.
Please note that J.P. Morgan Host-to-Host will replace our SSH keys and SSL certificates annually, while our PGP key will be replaced every 2 years.
To update your test SSL certificates, SSH keys, and/or PGP keys; please send an email with the key files attached to HostToHost.Helpdesk@jpmorgan.com and include your Partner ID.
For Production, there are three options for submitting renewal keys for inspection and approval.
a. You must have the Key Management entitlement for the applicable Host-to-Host Partner ID
b. These entitlements are managed by your company’s J.P. Morgan ACCESS Security Administrator.
a. If Certificate is used, the key file must be Ascii Armor signed with your current PGP key
a. Filenames must not contain spaces or special characters
b. SSH and PGP key filenames must have a .txt extension
c. SSL certificates must be in p7b format and extension
The use of Rapid Renewal is a secure submission process in which you use your existing credentials to submit new certificates.
Benefits include:
Rapid Renewal Process
<Partner ID>.TRANSPORT.IN.DAT (for SSH or SSL keys)
<Partner ID>.PAYLOAD.IN.DAT (for PGP keys)
a. The email will be sent to the contacts of record in Host-to-Host.
b. Please contact your J.P. Morgan Service representative to update these contacts.
a. The activation filename must be: <Partner ID>.ACTIVATE.IN.DAT.
b. The content of the activation file is structured XML, as shown below.
c. After the activation file has been successfully processed, you will receive an email, and your PGP key will be live.
d. The previous PGP key can no longer be used.
Activation File Contents
<?xml version="1.0"?>
<activateRapidRenewalKeyDetails>
<!—Replace ‘XXXXXX’ with your Partner ID. -->
<partnerID>XXXXXX</partnerID>
<keyType>PGP</keyType>
<!--This serialNumber is the last eight characters of the fingerprint, also called the short KeyID, of the PGP key to replace the ‘1A2B3C4D’ string below. Add '0x' at the start of the serial number if it is missing.-->
<serialNumber>0x1A2B3C4D</serialNumber>
</activateRapidRenewalKeyDetails>
If you do not meet the criteria for Rapid Renewal, the email submission process must be used as described below. The J.P. Morgan Security Services (IMSD) group will action only those requests received from authorized individuals listed as Security Administrators using the Security Administration Designation Form (SADF). Using the SADF, you will identify the individuals with their names, mailing addresses, signatures, phone numbers and email addresses. IMSD cannot disclose security administrator or SADF information, so please contact your J.P. Morgan client service representative for further assistance with this requirement.
Email Submission Process (Requires two Security Administrators)
The email request must be received at least five days prior to the key implementation date.
Requests are actioned Monday through Friday, 8:00 a.m. to 1:00 a.m. Eastern Time.
a. If the key/certificate is approved, IMSD will forward the approved keys for installation.
i. You will then be informed of receipt of the key file via email and the scheduled date and time for the action to take place will be confirmed or requested.
b. If the key is not approved, IMSD will notify you directly via email to indicate the rejection reason(s) and provide steps to remediate the issue, copying the associated service representatives for awareness.
J.P. Morgan
IMSD Security Operations: Key Management
Fax: 813-649-8367
Email: IMSD.Security.Operations@jpmorgan.com
Contact the Solution Center Transmissions Support team at 978-805-1200, or by emailing HosttoHost.helpdesk@jpmorgan.com, with any questions about the J.P. Morgan Host-to-Host platform. Representatives are available to assist you, 24 hours a day, Monday through Friday. Government, municipal and public sector clients should call 844-718-0643. Please note that the support team cannot advise clients on specific actions needed to make required changes to their systems. Clients should contact their application vendors for assistance.