I see you're a bit confused about SSH keys. Don't worry, that's surprisingly common with seasoned admins too.
So the user sp2adm@serverA must copy a file to SECFTP@serverB, right?
in that case, secftp must run ssh-keygen at serverA to create a SSH keypair. The _public_ key of that keypair should then be copied to the ~/.ssh/authorized_keys file of the SECFTP user on serverB. The home directory of SECFTP@serverB, its .ssh sub-directory and the authorized_keys file must not be writable by anyone other than SECFTP.
Think of it this way: the SSH public and private keys correspond to a physical lock and a key that fits that lock only, respectively. If you need to have access to a particular door but are afraid that the owner of the door might copy your key if s/he sees it, you can buy a lock and a matching key from a locksmith, then give the lock (=the public key) to the door owner so that s/he can install it to the door. You can then open the door with your key whenever you wish, without showing your key to anyone else at any point.
Making copies of the lock and installing them to other doors is not very useful, assuming that you cannot be tricked to go to a wrong door. This particular lock is constructed in such a way that it's extremely difficult to examine the lock to find out information about the key that opens it.
MK
MK
