diff --git a/account_ebics/README.rst b/account_ebics/README.rst
index d668e42..54aeab8 100644
--- a/account_ebics/README.rst
+++ b/account_ebics/README.rst
@@ -24,6 +24,7 @@ Remark:
 
 The EBICS 'Test Mode' for uploading orders requires Fintech 4.3.4 or higher.
 
+SWIFT 3SKey support requires Fintech 6.4 or higher.
 |
 
 We also recommend to consider the installation of the following modules:
@@ -136,5 +137,5 @@ You can also find this information in the doc folder of this module (file EBICS_
 Known Issues / Roadmap
 ======================
 
-- add support for 3SKEY signed transactions
 - add support for EBICS 3.0
+- add support to import externally generated keys & certificates (currently only 3SKey signature certificate)
diff --git a/account_ebics/__manifest__.py b/account_ebics/__manifest__.py
index bce8e59..fd3324d 100644
--- a/account_ebics/__manifest__.py
+++ b/account_ebics/__manifest__.py
@@ -3,7 +3,7 @@
 
 {
     'name': 'EBICS banking protocol',
-    'version': '13.0.1.1.4',
+    'version': '13.0.1.2.0',
     'license': 'LGPL-3',
     'author': 'Noviat',
     'website': 'www.noviat.com',
diff --git a/account_ebics/models/ebics_userid.py b/account_ebics/models/ebics_userid.py
index 4953474..6ae6a1f 100644
--- a/account_ebics/models/ebics_userid.py
+++ b/account_ebics/models/ebics_userid.py
@@ -93,6 +93,14 @@ class EbicsUserID(models.Model):
         help="EBICS Public Bank Keys to be checked for consistency.")
     ebics_public_bank_keys_fn = fields.Char(
         string='EBICS Public Bank Keys Filename', readonly=True)
+    swift_3skey = fields.Boolean(
+        string='Enable 3SKey support',
+        help="Transactions for this user will be signed "
+             "by means of the SWIFT 3SKey token.")
+    swift_3skey_certificate = fields.Binary(
+        string='3SKey Certficate')
+    swift_3skey_certificate_fn = fields.Char(
+        string='EBICS Public Bank Keys Filename')
     # X.509 Distinguished Name attributes used to
     # create self-signed X.509 certificates
     ebics_key_x509 = fields.Boolean(
@@ -168,6 +176,16 @@ class EbicsUserID(models.Model):
                 raise UserError(_(
                     "The passphrase must be at least 8 characters long"))
 
+    @api.onchange('signature_class')
+    def _onchange_signature_class(self):
+        if self.signature_class == 'T':
+            self.swift_3skey = False
+
+    @api.onchange('swift_3skey')
+    def _onchange_swift_3skey(self):
+        if self.swift_3skey:
+            self.ebics_key_x509 = True
+
     def set_to_draft(self):
         return self.write({'state': 'draft'})
 
@@ -192,6 +210,10 @@ class EbicsUserID(models.Model):
             raise UserError(
                 _("Set a passphrase."))
 
+        if not self.swift_3skey and not self.swift_3skey_certificate:
+            raise UserError(
+                _("3SKey certificate missing."))
+
         ebics_version = self.ebics_config_id.ebics_version
         try:
             keyring = EbicsKeyRing(
@@ -214,6 +236,14 @@ class EbicsUserID(models.Model):
         self.ebics_config_id._check_ebics_keys()
         if not os.path.isfile(self.ebics_keys_fn):
             try:
+                # TODO:
+                # enable import of all type of certicates: A00x, X002, E002
+                if self.swift_3skey:
+                    kwargs = {
+                        self.ebics_config_id.ebics_key_version:
+                        base64.decodestring(self.swift_3skey_certificate),
+                    }
+                    user.import_certificates(**kwargs)
                 user.create_keys(
                     keyversion=self.ebics_config_id.ebics_key_version,
                     bitlength=self.ebics_config_id.ebics_key_bitlength)
@@ -223,6 +253,11 @@ class EbicsUserID(models.Model):
                 error += '\n' + str(exctype) + '\n' + str(value)
                 raise UserError(error)
 
+        if self.swift_3skey and not self.ebics_key_x509:
+            raise UserError(_(
+                "The current version of this module "
+                "requires to X509 support when enabling 3SKey"))
+
         if self.ebics_key_x509:
             dn_attrs = {
                 'commonName': self.ebics_key_x509_dn_cn,
diff --git a/account_ebics/static/description/index.html b/account_ebics/static/description/index.html
index fd66ab0..570ff71 100644
--- a/account_ebics/static/description/index.html
+++ b/account_ebics/static/description/index.html
@@ -358,9 +358,8 @@ ul.auto-toc {
 </ul>
 <p>Remark:</p>
 <p>The EBICS 'Test Mode' for uploading orders requires Fintech 4.3.4 or higher.</p>
-<div class="line-block">
-<div class="line"><br /></div>
-</div>
+<p>SWIFT 3SKey support requires Fintech 6.4 or higher.
+|</p>
 <p>We also recommend to consider the installation of the following modules:</p>
 <div class="line-block">
 <div class="line"><br /></div>
@@ -472,8 +471,8 @@ You can also find this information in the doc folder of this module (file EBICS_
 <div class="section" id="known-issues-roadmap">
 <h2>Known Issues / Roadmap</h2>
 <ul class="simple">
-<li>add support for 3SKEY signed transactions</li>
 <li>add support for EBICS 3.0</li>
+<li>add support to import externally generated keys &amp; certificates (currently only 3SKey signature certificate)</li>
 </ul>
 </div>
 </div>
diff --git a/account_ebics/views/ebics_userid_views.xml b/account_ebics/views/ebics_userid_views.xml
index b402c74..aa32002 100644
--- a/account_ebics/views/ebics_userid_views.xml
+++ b/account_ebics/views/ebics_userid_views.xml
@@ -38,13 +38,18 @@
                   help="Use this button to bypass the EBICS initialization (e.g. in case you have manually transferred active EBICS keys from another system."/>
           <field name="state" widget="statusbar"/>
         </header>
-        <group name="main">
+        <group name="main" attrs="{'readonly': [('state', '!=', 'draft')]}">
           <field name="ebics_keys_found" invisible="1"/>
           <field name="ebics_keys_fn" invisible="1"/>
           <group name="main-left">
             <field name="name"/>
             <field name="ebics_passphrase" password="True"
                    attrs="{'required': [('state', '=', 'draft')]}"/>
+            <field name="swift_3skey"
+                   attrs="{'invisible': [('signature_class', '=', 'T')]}"/>
+            <field name="swift_3skey_certificate_fn" invisible="1"/>
+            <field name="swift_3skey_certificate" filename="swift_3skey_certificate_fn"
+                   attrs="{'invisible': [('swift_3skey', '=', False)], 'required': [('swift_3skey', '=', True)]}"/>
             <field name="active"/>
           </group>
           <group name="main-right">
@@ -53,7 +58,7 @@
             <field name="ebics_key_x509"/>
           </group>
         </group>
-        <group col="4" name="dn" attrs="{'invisible': [('ebics_key_x509', '=', False)]}">
+        <group col="4" name="dn" attrs="{'invisible': [('ebics_key_x509', '=', False)], 'readonly': [('state', '!=', 'draft')]}">
           <group colspan="4" col="1">
             <strong>Distinguished Name attributes used to create self-signed X.509 certificates:</strong>
           </group>