Odette File Transfer Protocol v2

Automotive supply chains are now globally distributed, with business partners and decentralised project teams needing to exchange large volumes of information across the world quickly and securely.

Exchanging files via local or regional networks is no longer the best option – the most cost-effective method for exchanging large volumes of data efficiently is via the public internet.

is tailored to the specific communications requirements of automotive industry stakeholders and is the most widely used protocol for the exchange of mission critical automotive data across the public internet. It provides flawless and secure transmission between organisations which use a wide range of different communication software systems, ensuring that confidential and sensitive information is transmitted quickly and in complete safety.

The OFTP2 specification (recognized by the Internet Engineering Task Force as RFC5024) was developed, and is continually maintained, by the Odette OFTP2 Experts Group, consisting of telecommunications experts from major automotive companies and technology service providers.

Odette does not develop or sell OFTP2 software, we leave this to our technology service provider partners, but we do carry out testing of their OFTP2 software to ensure that they respect the Odette specification and can interoperate seamlessly with each other.


  • Multi-function: The protocol supports the transfer of both engineering data and commercial information (eg. EDI).
  • Large file size: Transmitting large volumes of data, such as engineering designs or large EDI interchanges (e.g. delivery schedules), is straightforward with OFTP2 which includes file compression and check point restarts as a standard feature.
  • Network-independent: OFTP2 works over any IP-based network including the public internet, the foundation of all business-to-business communication.
  • Traceability: Follow up, receipt and non-repudiation functions across any network allow continuous open communication.
  • Low cost solution: OFTP2 is inexpensive to implement and use; it delivers significant cost-savings by providing quick, easy and secure exchange of large volumes of sensitive information.

Trusted performance

OFTP2 is implemented by the majority of automotive companies including Audi, BMW, Daimler, Ford, Hyundai, MAN, Opel, PSA, Scania, Skoda, Volkswagen and Volvo along with most large Tier 1 suppliers.

Multi-layer security

Advanced security functionality ensures confidentiality with multiple levels of protection:

  • Transport Layer Security (SSL/TLS)
  • File encryption
  • Partner authentication
  • Non-repudiation

Meeting the latest security challenges

The Odette OFTP2 Experts Group regularly reviews the protocol in order to ensure that it always meets current business and security requirements. The Group has recommended several updates to the OFTP2 Implementation Guidelines to ensure that the extensive OFTP2 community remains secure.

  • SHA-256 algorithm: Several announcements have been made by the IT industry regarding certificates which are signed using the SHA-1 signature algorithm which is considered capable of being broken at some time in the near future. The Odette Certificate Authority (CA) has therefore switched to signing its certificates using signature algorithm SHA-256 (commonly known as SHA-2).  All Odette recommended OFTP2 softwares, from providers who have taken an active part in the development of the revised guidelines, have been tested to ensure that they can handle SHA-256 signed certificates.
  • PFS - Perfect Forward Secrecy: the previous system using asymmetric keys to secure transmission sessions is considered vulnerable to security breaches: if a hacker records the encrypted data exchange and obtains the private key, they may decrypt the whole content of data exchanged. A different system - Perfect Forward Secrecy - prevents this possibility. The community has therefore agreed to make PFS, used in connection with a Diffie Hellmann Ephemeral (DHE) algorithm, the default method of setting up a secure channel (Transport Layer Security – TLS) and a cipher using this method should be offered as the first option to establish sessions security.

These changes are fully explained in the OFTP2 Implementation Guidelines which can be downloaded free of charge (see below).

OFTP2 Software Providers

If you would like to have your OFTP2 products tested by Odette, please click here to find out more about our Software Testing Service.

Related content

Get started with OFTP2

OFTP2 is straightforward to deploy and organisations can quickly benefit from secure data exchange over the internet with both customers and suppliers by installing software from service providers who have undergone rigorous Odette OFTP2 software testing.


To begin using OFTP2, your organisation will require:

  • OFTP2-enabled software
  • An appropriate digital certificate
  • An SSID identifier (aka Odette ID codes)
  • Internet connectivity