How to set up sFTP for using Certificate Authentication on Linux

These instructions apply to users who are receiving their statements via sFTP. If you elected to receive your statements via sFTP, you would first need to generate an RSA Key pair.

There are many Linux distributions and there are multiple methods to access the IBKR sFTP server. sFTP clients such as Filezilla can be used. In this article we explain how to realize the connection to the IBKR FTP server using Ubuntu Linux and Filezilla.

 

  • How to generate an RSA Key pair

1. On your Linux machine, click on the Applications icon in the bottom left corner of you screen.

2. In the search box, type terminal and then click on the Terminal icon in the search results.
 
3. In the Terminal window, type sudo apt-get install filezilla putty-tools in order to install the required software. Enter your sudo password when requested.


4. Once the software installation is complete, type puttygen -t rsa -b 2048 -o privatekey.ppk in order to generate the RSA Key pair.
You will be asked to enter a passphrase and type it again to confirm.
PLEASE NOTE: Keeping a secure copy of this password is essential. Any loss of this password will require the whole process to be repeated.
 
5. Type puttygen -L privatekey.ppk -o public.key in order to export the public part of the Key pair to the file public.key


6. Click on the Applications icon in the bottom left corner of your screen.
 
7. In the search box, type FileZilla and then click on the FileZilla icon in the search results.

8. Click on the FileZilla top menu File -> Site Manager...
 
9. In the Site Manager window, click on the button New site to create a new connection.
 
10. In the right panel (called General):
  • Select SFTP - SSH File Transfer Protocol as Protocol
  • Enter xfer.interactivebrokers.com in the Host field
  • Enter 32 in the Port field
  • Select Key file as Logon Type
  • Enter the username provided to you by Interactive Brokers in the User field
 
11. Click on Browse next to the Key file field.
 
12. Move to the folder where your Key pair was created (normally your user folder: /users/yourusername/). Select the file privatekey.ppk and click on the Open button. This will set it as the Key file in your connection parameters.
 
13. Click on Rename and select a name of your preference for this connection (e.g. IBKR sFTP). Press Enter to confirm the name.
 
14. Click on OK to save your connection parameters.
 
15. Click on the folder icon on the left hand toolbar of your Desktop. This will launch the File application.
 
16. Move to the folder where you saved your Key pair (normally your user folder: /users/yourusername/). Right click on the file public.key and select Send to...
The file will be attached to an empty email. Send the email to the Reporting Integration Team, as per IBKB3842.
Important Note: do NOT send us your private key. Send us only your public one

 

  • How to connect to our sFTP Server

Once IBKR has configured the parameters for your connection on our servers, you will be notified. After that, you will be able to access your sFTP repository by using the Site connection you have created in FileZilla. In case you have not yet set up a Site connection, please follow the steps from 6. to 14. which are a prerequisite to the below steps:

1. Click on the Applications icon in the bottom left corner of you screen.
 
2. In the search box, type FileZilla and then click on the FileZilla icon in the search results.
 
3. On the FileZilla top toolbar, click the down arrow icon and select the Site connection you previously created (e.g. IBKR sFTP)
 
4. FileZilla will now establish a connection to our sFTP Server and show the files present in your repository.

 

Common issues and solutions

A. The Login Credentials Provided are Incorrect
  1. Ensure the correct login details are being used to connect to the sFTP server. The username and password you are entering should match the ones you have received from the Reporting Integration Team.
  2. Confirm you have configured your sFTP Client to use the Private Key file for the logon authentication (see steps 9. and 10. of the above procedure.)
B. Server Refused Our Key
  1. Try accessing the sFTP server using a different Client (CyberDuck, ect.)
  2. Ensure the Private Key file being used to Authenticate the server login attempt is related to the Public Key you originally sent to the Reporting Integration Team.
  3. Should the above checks be unable to resolve the issue, please generate a new RSA Public/Private Key pair and send only the Public part to the Reporting Integration Team, as per IBKB3842.
C. Connection Timed Out
  1. In case you have an antivirus or a security software installed on your machine, make sure it is not blocking the FTP connection attempt. Normally, security software allows to set up exceptions for specific connections in order to whitelist them.
  2. Verify that the public IP Address of the machine running the sFTP client, is the same you have originally provided to the Reporting Integration Team for being whitelisted. You can discover your public IP Address by searching the Internet for “what is my IP”. If your current IP Address is not the same you provided to us, please send it to our Reporting Integration Team for being whitelisted.
  3. Ask your network administrator/s to confirm that your firewall allows both incoming and outgoing traffic from/to xfer.interactivebrokers.com on port TCP 32.
  4. Should the above steps be unable to resolve the issue, please generate a new RSA Public/Private Key pair and send only the new Public part to our Reporting Integration Team, as per IBKB3842.

 

References

KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another

 

Les résidents non américains sont-ils soumis à une retenue fiscale ?

Overview: 

 

Les informations concernant les obligations fiscales sont communiquées, le cas échéant, aux autorités fiscales de votre pays de résidence ainsi qu’à d’autres pays si vous négociez des produits soumis à des exigences fiscales locales.  Sauf instruction spécifique d’une autorité fiscale, IBKR ne prélève pas d’impôts sur le produit des ventes de titres. Nous sommes tenus par la loi fiscale américaine, par exemple, de retenir les impôts américains sur les dividendes versés par les entreprises américaines aux personnes étrangères à un taux de 30 %. Ce taux peut être inférieur si les États-Unis ont conclu une convention fiscale avec votre pays. De plus, les revenus d’intérêts de placement ne sont pas soumis à la retenue fiscale américaine. Toutes les retenues pour les personnes et la plupart des entités non américaines seront déclarées sur le formulaire 1042-S à la fin de chaque année. Pour plus d’informations, veuillez consulter la publication IRS 901 et/ou votre conseiller fiscal.

Que représente la ligne Annulation des intérêts courus dans le Relevé d'activité ?

Overview: 

Chaque jour, IBKR calcule et déclare dans la section Intérêts courus du relevé d'activité une prévision ou une accumulation d'intérêts gagnés ou à payer pour la période du relevé. Autour de la première semaine de chaque mois, les intérêts accumulés au cours du mois précédent sont « annulés » et les intérêts réels pour le mois sont affichés dans la section Rapport d'espèces. Ces annulations, qui se produisent une fois par mois, peuvent être proches de l'intérêt réel, bien qu'elles puissent ne pas être toujours exactement égales puisque les charges à payer sont une prévision de l'intérêt réel. 

Les détenteurs de compte doivent aussi noter que les intérêts courus ne sont affichés pour une période de déclaration donnée que lorsque le montant dépasse 1 $, positif ou négatif. Les soldes inférieurs à 1 $ sont conservés et affichés une fois que le montant dépasse 1 $ (lorsqu'ils sont groupés avec les charges futures à payer).

Pourquoi la section Rapport de liquidités de ma déclaration d'activité indique un transfert interne entre les titres et les matières premières ?

Pour des raisons réglementaires, IBKR est tenu de séparer les actifs en titres au sein de votre compte d’actifs en matières premières. Ces actifs en matières premières peuvent inclure la valeur de marché d’options sur positions à terme, plus toute liquidité requise comme marge en raison des contrats à terme sur matières premières et des options sur positions à terme.  L’exigence de marge sur vos positions en matières premières sera régulièrement recalculée et si cette exigence diminue, l’excédent de liquidités requis en tant que marge sur matières premières sera transféré du côté matières premières vers le côté titres de votre compte. De même, si l’exigence de marge sur les matières premières venait à augmenter, IBKR transférera les liquidités disponibles du côté des titres vers le côté des matières premières. Étant donné que l’assurance SIPC est fournie aux actifs du côté titres de votre compte mais pas aux matières premières, ce transfert régulier est effectué pour s’assurer que votre solde de liquidités bénéficie de la meilleure protection possible. Il convient de noter que ces mouvements de liquidités représentent des écritures dans votre compte qui servent à se compenser entièrement et n'ont donc aucun impact sur le solde de liquidités total dans votre compte (voir la colonne Total dans la section Rapport de liquidités de la déclaration d’activité).

Generate RSA Key Pair on Windows

These instructions apply to users who are receiving their statements via sFTP. If you elected to receive your statements via sFTP, you would first need to generate an RSA Key pair.

To generate an RSA Key pair:

1. Download WinSCP.

2. Run the installer and make sure to check PuTTYgen (key generator) as one of the components to install.

3. Start WinSCP and from the button Tools select Run PuTTYgen.


4. Once the tool PuTTYgen has been launched, click Generate. Select RSA as Type of key to generate, 2048 as Number of bits in generated key and click on the button Generate.

5. Click "Save private key" and give the file a name (like private). Leave the extension as .ppk  ('ale.ppk', in the picture below is an example filename).
Important Note: do NOT save your public key yet. Save only your private one.

6. Open WinSCP, create a new connection and:
  • Select SFTP as File protocol.
  • Enter xfer.interactivebrokers.com in the Host name field.
  • Enter 32 in the Port number field.
 
7. Click on the button Advanced.

8. In the Advanced Site Settings screen, left side menu, expand SSH and select Authentication. Click on the button ... at the end of the field Private Key file and open the private key you previously saved at point 5):

9. Click on the button Display public key:
 
10. Click on the button Copy Key.

11. Open Notepad, press CTRL+V to paste the key string (which is one string of characters without spaces) and then save the file with the name public.key in a folder of your preference:


12. Send the file you saved at the previous step to us via Message Center ticket or email as per instructions on IBKB3842
 
13. In the WinSCP Window, click on "OK" in the information pop-up showing the key, then "OK" in the Advanced Site Settings screen, then click on Save to save the new connection you have created.
 
14. Once the IBKR Sales Engineering Team has configured the parameters for your connection on our servers, you will be able to access your SFTP repository by using the connection you have created.
 
Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

Decrypting Reports Using Your PGP Key Pair on macOS

Note: This tutorial assumes you received reports via email or via FTP that were encrypted with the public key you sent to IBKR . If you need guidance to set up the encrypted statement delivery, please refer to this article, which is a prerequisite to the instructions below.

1. Open Finder

2. Right click on the .gpg file you want to decrypt

3. Select Services > OpenPGP: Decrypt File

 

Common Issues/Questions

  • Decryption failed with error 'No Secret Key'

This is commonly caused when the wrong encryption key is used to decrypt the file.  If decryption is being done on a computer other than the original computer used to create the public/private keys, the keys would have to be transferred from the original computer to the new computer

If the above does not help, then a new public/private key pair needs to be created and sent to us.

 

Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

Generate a Key Pair Using GPG Suite on macOS

If you elected to receive your statements in an encrypted form, you would first need to generate an RSA Key pair. To generate an RSA Key:

1. Download the GPG Suite for macOS

2. Double click on the downloaded installation file:

3. Click on Install

4. Click Continue

5. Click on Install

6. Click Install

Note: By default the installation includes an add-on for Apple Mail called GPG Mail. If you don't use Apple Mail and do not need this add-on, you can de-select it during this step.

7. Click on Close:

 

8. Launch GPGTools. The Create new key pair dialog box should automatically open. Input your Full Name, your Email and choose a Password. PLEASE NOTE: Keeping a secure copy of this password is essential. Any loss of this password will require the whole process to be repeated.
 
9. Expand Advanced options and make sure that:
  • The "Key type" drop-down is set to "RSA and RSA (default)"
  • "Length" is set to "2048"
  • The checkbox "Key will expire on" must remain NOT active

Important Note: Please be absolutely certain to set "Key type" to "RSA and RSA (default)" otherwise the key will be unusable.

 
10. Click on the button Create Key
 

11. Once the key pair is created it will be listed in your Key ring. Right click on it and select Export...

12. Choose a location to save the key pair in the Where field and make sure the checkbox Include secret key in exported file is deactivated. Click on Save.

13. You will receive a prompt indicating that the key pair was created successfully. Click on No, Thanks! to prevent uploading the public key to the PGP servers

14. Open Finder and go to the location you selected for saving the public key (at point 12).

15. Send the public key file to us via Message Center ticket or email as per instructions on IBKB3842.

 

Related articles

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB3968 - Generate a key pair using GPG for Windows
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

Generate a Key Pair Using GPG for Windows

To generate a key pair using GPG for Windows:

1. Download the GPG Installer for Windows.

2. Run the installer and click Next >.

3. Make sure that the component Kleopatra is selected as one of the sub components to include in the installation and click Next >.

4. The default installation folder will be displayed. Click Install.

5. Once the installation has completed, click Next >.

6. Make sure the checkbox Run Kleopatra is active and click Finish.

7. Kleopatra will now open. Click the top menu File and select New OpenPGP Key Pair...
 
 
8. Enter your full Name and your Email address. Make sure the checkbox Protect the generated key with a passphrase is active. Click Advanced Settings...
 
 
9. Enter the following Key parameters:
  • Select RSA + RSA as Key type
  • Select 2,048 bits and 2,048 bits as Key lengths
  • Activate the checkboxes: Encryption, Certification, Signing and Authentication. The first two should be already active by default
  • Deactivate the option Valid until

Once all the parameters have been set exactly as in the image below, click OK.

 
10. You will return to the Create OpenPGP Certificate window. Click OK.
 
 
11. You will be asked to enter a passphrase and type it again in the field Repeat: to confirm you made no typing errors. Once done, click OK. PLEASE NOTE: Keeping a secure copy of this password is essential. Any loss of this password will require the whole process to be repeated.
 
 
12. A pop-up will confirm the Key Pair has been successfully created. Click OK.
 
 
13. in the All Certificates panel, right-click on the newly created certificate and select Export...
 
 
14. Navigate to the directory where you want to save your the public portion of your key (e.g. Desktop). Choose a name such as publickey.asc and click Save.
 
 
15. Open the Windows File Explorer and navigate to the directory where you saved the key. You will find the public.asc file ready to be sent to us via Message Center ticket or email as per instructions in IBKB3842:
 
 

16. Although this is not strictly needed, we strongly recommend you to perform a backup of your Key Pair, following the steps in KB4411. This backup copy of the certificates can be imported again in Kleopatra in case the original set becomes corrupted or accidentally deleted.

 
References

KB3842 - Using GPG/RSA encryption keys to guarantee the privacy and security of your Reports
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 
 

 

 

Using GPG/RSA Encryption Keys to Guarantee the Privacy and Security of Your Reports

Background: 

In order to ensure the privacy and security of your Reports and Statements, IBKR offers the following file delivery options:

A. sFTP (Secure FTP) - Recommended solution

  • We can send you Reports using the sFTP (Secure FTP) protocol on non-standard TCP port 32.
  • sFTP is a network protocol that utilizes SSH (Secure Shell) for the transfer, management, and access of files through an encrypted data stream.
  • Key based authentication is required. You will authenticate against our sFTP server through a unique RSA - 2048-bit public/private key pair, generated directly by you. We will use only your public key as authentication method for our sFTP server. Since the two keys are mathematically linked, only the private key holder (you) will be able to access the data.
  • PGP encryption1 is optional.

B. Email with PGP (Pretty Good Privacy) Encryption

  • We can encrypt your Reports using PGP (Pretty Good Privacy) certificates and send you those reports via email.
  • PGP encryption1 is optional but recommended. If you opt to receive your Reports via email without encryption, any account sensitive data will be masked.

C. Plain FTP with PGP (Pretty Good Privacy) Encryption

  • We can send you Reports using the regular FTP protocol on standard TCP port 21.
  • PGP encryption1 is required. We can encrypt your Reports using PGP (Pretty Good Privacy) certificates.

Note 1: PGP encryption is based on a private/public key pair, which is unique and generated directly by you. We will use only your public key to encrypt your Reports. Since the two keys are mathematically linked, only the private key holder (you) will be able to decrypt the files.

 

To start the process, please select one of the options below according to the way you wish to access your Reports:

 

 

A. I Want to Receive my Reports via Secure FTP (sFTP)

When electing to receive your Reports through the IBKR hosted sFTP, please follow the steps below:

1) Install a FTP application. There are many free FTP application suites that can be used, like FileZilla or WinSCP.

2) Generate a public/private RSA key pair. Please follow the procedure below according to the Operating System you use:

3) Open a Web Ticket (via Client Portal -> Help -> Support Center) as follows:

  • Write "Attn. Reporting Integration Team" in the subject.
  • Write a short request for a IBKR hosted plain FTP in the message body
  • Write the IP Address(es) your connection will originate from in the message body
  • Paste the content (the alphanumeric string) of your RSA public key file in the message body

Alternatively, you can provide these same elements listed above via email to the Reporting Integration Team. Include the last 4 digits of your IBKR Account number in the email subject.

Note: We will not accept your public key if you have included as well your private key. Please be sure to send us only the public part of the key pair.

4) IBKR will notify you within 1-2 business days, once your sFTP site has been set up.

5) Set your RSA key pair as authentication method for your sFTP client. Please follow the procedure below according to the Operating System you use:

 

B. I Want to Receive my Reports via Email with PGP Encryption

When electing to receive emails that contain encrypted data from IBKR, please follow the steps below:

1) Generate a PGP key pair in order to decrypt the files. Please follow the procedure below according to the Operating System you use:

2) Open a Web Ticket (via Client Portal -> Help -> Support Center) as follows:
  • Write "Attn. Reporting Integration Team" in the subject
  • Paste the content (the alphanumeric string) of your PGP public key file in the message body
Alternatively, you can send an email to the Reporting Integration Team. Include the last 4 digits of your IBKR Account number in the email subject and attach your PGP public key.

Note: We will not accept your public key if you have included as well your private key. Please be sure to send us only the public part of the key pair.

3) IBKR will notify you once your public key was imported on our systems. You will then enable the encryption for email file delivery from your Client Portal.

4) Use your key pair to decrypt the emails with the encrypted attachment/s. Please follow the procedure below according to the Operating System you use:

 

C. I Want to Receive my Reports via FTP with PGP Encryption

When electing to receive your Reports through the IBKR hosted sFTP, please follow the steps below:

1) Generate a PGP key pair in order to decrypt the files. Please follow the procedure below according to the Operating System you use:

2) Open a Web Ticket (via Client Portal -> Help -> Support Center) as follows:
  • Write "Attn. Reporting Integration Team" in the subject
  • Write a short request for a IBKR hosted plain FTP in the message body
  • Paste the content (the alphanumeric string) of your PGP public key file in the message body

Alternatively, you can provide these same elements listed above via email to the Reporting Integration Team. Include the last 4 digits of your IBKR Account number in the email subject.

Note: We will not accept your public key if you have included as well your private key. Please be sure to send us only the public part of the key pair.

3) IBKR will notify you once your public key has been imported on our systems. You will then enable the encryption for FTP file delivery from your Client Portal.

4) Access our FTP site and use your PGP key pair to decrypt the files you receive. Please follow the procedure below according to the Operating System you use:

 

Additional procedures

 

References

KB3968 - Generate a key pair using GPG for Windows
KB4205 - Generate a key pair using GPG Suite on macOS
KB4108 - Decrypt your Reports using GPG for Windows
KB4210 - Decrypting Reports using your PGP Key pair on macOS
KB4407 - Generate RSA Key Pair on Windows
KB4819 - How to set up sFTP for using Certificate Authentication on Linux
KB4578 - How to Access your Reports using FTP on Windows
KB4580 - How to Access your Reports using FTP on MacOS
KB4409 - How to set up sFTP for using Certificate Authentication on Windows
KB4410 - How to set up sFTP for using Certificate Authentication on macOS
KB4411 - How to backup your public/private Key pair 
KB4323 - How to transfer your public/private key pair from one computer to another 

 

Que représente la ligne Gain/Perte conversion de devise dans mon relevé d'activité quotidien et comment est-ce calculé ?

Overview: 

Pour fournir un aperçu complet du capital de votre compte pour la production de relevés, tout solde en espèces long ou à découvert dans votre compte libellé dans une devise autre que votre devise de base doit être converti au taux de change actuel. Les taux de change étant susceptibles de changer d'une période à l'autre, ce processus de conversion peut résulter en une conversion FX positive (gain) ou négative (perte).  Remarque : ces gains ou ces pertes représente un calcul mark-to-market (c'est-à-dire, comme si tous les soldes non libellés en devise de base avaient été clôturés au taux de change de fin de séance) et les gains et pertes effectifs, le cas échéant, ne peuvent pas être déterminés tant que le solde non libellé en devise de base n'a pas été clôturé. 

La conversion FX gain/perte pour toute devise autre que la devise de base est déterminée en calculant d'abord la différence entre les taux de change de la devise de base actuels et les périodes de relevés précédentes (taux de changeA – taux de changeP , où les taux sont rendus disponibles dans la section Taux de change de la devise de base de chaque relevé). La différence, positive ou négative, est ensuite multipliée par le solde d'espèces de départ pour la période de relevé actuelle pour déterminer le gain de la conversion FX (si positive), ou la perte (si négative).  Étant donné que les informations concernant les devises autres que la devise de base (ex., ventes ou achats nets, commissions, intérêt, etc.) sont enregistrées à la fin de la journée pour des raisons de conversion de devises, elles n'ont, par définition, aucun gain ou aucune perte de change.

Glossary terms: 
Syndicate content