I’m trying to confirm whether or not Box development could support setting up an SFTP server with Elliptic Curve Digital Signature Algorithm (ECDSA), such as using Server-side authentication using JSON Web Tokens (JWT). 

And if so can anyone estimate the effort and/or point me to relevant examples or docs?

I know that SFTP is supported with a user password (not SSO) per Box docs, but the financial services client I’m working has security stipulations allowing SFTP but only with key pair authorization (ECDSA preferred). I’m otherwise looking at setting up a basic Azure blob storage SFTP but they don’t support ECDSA specifically, and our teams already use Box for internal project document storage and sharing, so Box would be a preferred method for us if it’s possible.

Overall goal is to be able to securely share files back and forth with external clients without requiring Box user licenses and access for those clients individual team members for short-term projects (their security team would not allow them to join Box anyway).