Support Center

PGP Authentication

To use PGP with the NTTCOM Registry, each user expecting to submit object updates authenicated by PGP must provide a PGP public key (RSA or DSS). These keys have to be registered in the database (source:) via a key-cert object (see Object Templates). A maintainer object (mntner) must be registered first, followed by the key-cert(s) and then PGP auth can be added to the maintainer.

To register a key-cert, extract a copy your public key. Here is an example using PGP 2.62 on a unix-like system (e.g. Linux, FreeBSD and others):

    % pgp -kxa heas /tmp/pubkey
    Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
    (c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct 94
    Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
    Distributed by the Massachusetts Institute of Technology.
    Export of this software may be restricted by the U.S. government.
    Current time: 2000/09/29 03:49 GMT
    
    Extracting from key ring: '/home/heas/.pgp/pubring.pgp', userid "heas".
    
    Key for user ID: John Heasley 
    1024-bit key, Key ID 7A774C09, created 1996/12/20
    
    Transport armor file: /tmp/pubkey.asc
    
    Key extracted to file '/tmp/pubkey.asc'.

The key-cert: value is PGPKEY-<key ID>, PGPKEY-7A774C09 in this example. The content of /tmp/pubkey.asc is:

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: 2.6.2
    
    mQCNAjK6S8cAAAEEAM4de4EPalJsDOsaSlOBRhDGLlSxRetZz532lPRL9rx0wkvL
    4U0mzSI2jppKjJJhvkwIkMsHd3yz3Vbpm/4HydPtCZc3/+kjC//myjdOMCK44ED4
    E42pt6Wgg8Ik0cOTqYexZ0qV/ci2aOMyXK+VbVGG1ZTK4SvsbEsr3VJ6d0wJAAUR
    tCFKb2huIEhlYXNsZXkgPGhlYXNAc2hydWJiZXJ5Lm5ldD6JAJUDBRA4UBPSD28L
    lepPzu8BAaN7A/9Q5FXm/WimNUe+iPBX/zznfUBkUpxpIy4yFApIKI68zslmxwdV
    975YT0t/ftVJtCCNjrhPD/4RI9kqDQqJMlh0hwYFTV+t/DFTvZ33wsklt/+Q4qLb
    4/AEdKpveG00seNt4R5UymD+NVK2fpmx2SJuHLQoh1tDo09KafmjOyCrmYkAlQMF
    EDhOvbTSMEkkdQ6DSQEBcbwD/jnrwtXpMPQmWYb12FLdmlMNGbV4ESxt8QXfgVra
    w14KQJ4P9lToT9Tmqe9Q4NFcKRs/00Q4xlRWwdPuFF4QGOJxBLnE1Xv60rY9eY2Q
    i3DRbRiDw0YgK1xgscRHeRq1giTc2NWFb11KlzV5qciWWDjpx6t01v9Vn59xCCbW
    kEdziQCVAwUQNWRxjfay2HvjD8wlAQGZlAP/SenlqYAfmSVZ/s5st9zA43hXQnNR
    oJeXvFW5kutGAuGOGXZInXB/q9HtoLrngA9PlWHNs+kDP3ipFh9+jyeojQm5fQ94
    R7yMRgupGZJ9WfUQRA1nvB+HmXfRg9bZ5FNoewrCO6aawhEnZ8D7HIrHRz+sH9Mi
    mufkPEARFgZ6F4GJAJUDBRA3eUEYT5ggX09IZTEBARGSBACZrW+GXCFHG5gPmeVX
    cOKcKCE18NyYlah0Pd72y15sJy8GyGIFTpDEDRRE//mQwIWaLV4eehuzHz0ygMm5
    HI4k7FlrHpJqq5/g6pM1zQohvqY53imUbhf4WBzgrvPrfTM/2jaWCb8OBNBCHpiT
    oKWkTqqvK99ScKkf+F+HJMa4ookAdQMFEDNaCL+6FAGUXCurYQEBLp4C/26hjz7e
    5gtlvfM+rdHNAZY+HUhZRty6kOyWJsMu1s9PDlTbljwdTz7cJ141jww6F8JCYGt4
    SfbeT1Mz7MDzgz8jXO710KOwzmOIqupUUUnuw0bMhIMZzhPm6+0OeZgCSYkAlQMF
    EDXVCFcImkdUx0QebQEBjf0EAKyDniKogR5CPn3zIUHAmroHMKiDdMEFsZv4Ih0m
    ERymLH0m2YLePS2lBnwg4ZsIlj0OVksJLgoSb8V3TM1a2ykBkldySha3dHRE0g8J
    QDQ1c2QgGd5SHdBFZY0FNbKj1XbCqxN0ZdmRay5l7UxD532xXA+TZ0LZwkaYcamP
    fjW1iQCVAwUQNBUPkPTPnXJdMaXhAQECgwP/f39qTwHAQEj/fxtbH4wmmsDjo8d0
    FJ/MZsSMSiF0PDbAkvb/krY4Xr4MI1MNNosUJ6f4ZHMGLIzYGYeLyy1jD8KLMDjZ
    DdJI+eKG46iHHLpcAlYeKhfZqEB16+t44mGW6cKyUellk0cUd7nK2ZPj+/u/4ziN
    JekadG1899vuHzSJARUDBRAzTJh364x/pH7NgKUBAZrkB/4sDhJ54578Ze+ci9wM
    OaaTlIsH8YGWskZ1Y+Hj8XiLX4euUXDqd9SFs9RBrzMx7edlE8Q1N9cLAPVCKr8d
    swhb2K7Tgmpwrhe6KpNUa6PSCv6t11gc17QiFzJGoYSAAl7UnJjx9zFAMjfeo+id
    O0clhPMWC6pvB2rNoBMNt+vRXpq7ApWF8CSudwWf277BrKGC8TbwC/ntMtS4ZcjR
    S9Tl/5EMdHgMKqQt+wJx/g1o6g2d0xz65IoNDhpScetkSQXjFh20olcts0ZnQRhp
    W7J9kAEFG9/Yr8GIB7eUjsOr1XIlhMNqwOkqfu9px3eM3ntBjJOZM/WbHWm1KYc4
    2/hciQCVAwUQMrtgE0sr3VJ6d0wJAQFisgP/TDmqElXnB+h9MldnsnnZ7VgDLhHY
    +hv8EP9aVd/w2oOR3ZKhYYFcbBnmOvPp34SxaBMf3KSqhEQ22tAfOoQkhIDQs0oj
    DtB4mTmtlQNHFVlbD914eHxIYEznrr7Nw2xqo/GgA+lEC0hrZx2itrIHcZgojE3q
    T42/v4ja9lTNq1OJAJUDBRAyu0Gn+8I/jbEzFDkBAarXA/99R9ATMI8NSVIX3V0z
    Js2oIjC/jKbvstVhR7E+yx49hqRWBtVDCT65IiR2pyf4rl9M+tekbKununIBhjny
    yXcMkK96fbBrFQA3c2pqSLKhXNFrEdapV0874VgwVfW4938xi5oCfV/nPT6lYgdo
    H6/eLL6MCx9ga0q87NGUdh0naw==
    =OlpC
    -----END PGP PUBLIC KEY BLOCK-----
    mnt-by:             MAINT-HEAS
    changed:            heas@shrubbery.net 20000928
    source:             NTTCOM
    password: foo

Note the use of the CRYPT-PW authentication password for the maintainer MAINT-HEAS. Then, the PGP authentication information must be added to the maintainer object. For example:

    mntner:             MAINT-HEAS
    descr:              shrubbery maintainer
    admin-c:            JH636
    tech-c:             JH636
    upd-to:             heas@shrubbery.net
    mnt-nfy:            heas@shrubbery.net
    auth:               CRYPT-PW za/0jxyxoQNJQ
    auth:               PGPKEY-7A774C09
    notify:             heas@shrubbery.net
    mnt-by:             MAINT-HEAS
    changed:            heas@shrubbery.net 20000928
    source:             NTTCOM
    password: foo

Once the server has acknowleged the maintainer object update, further object updates can be authenticated with PGP. For example:

    % cat /tmp/mntner
    mntner:             MAINT-HEAS
    descr:              shrubbery.net maintainer
    admin-c:            JH636
    tech-c:             JH636
    upd-to:             heas@shrubbery.net
    mnt-nfy:            heas@shrubbery.net
    auth:               CRYPT-PW za/0jxyxoQNJQ
    auth:               PGPKEY-7A774C09
    notify:             heas@shrubbery.net
    mnt-by:             MAINT-HEAS
    changed:            heas@shrubbery.net 20000928
    source:             NTTCOM
    % pgp -sta /tmp/mntner
    Pretty Good Privacy(tm) 2.6.2 - Public-key encryption for the masses.
    (c) 1990-1994 Philip Zimmermann, Phil's Pretty Good Software. 11 Oct 94
    Uses the RSAREF(tm) Toolkit, which is copyright RSA Data Security, Inc.
    Distributed by the Massachusetts Institute of Technology.
    Export of this software may be restricted by the U.S. government.
    Current time: 2000/09/29 04:11 GMT
    
    A secret key is required to make a signature. 
    You need a pass phrase to unlock your RSA secret key. 
    Key for user ID "John Heasley "
    
    Enter pass phrase: Pass phrase is good.  
    Key for user ID: John Heasley 
    1024-bit key, Key ID 7A774C09, created 1996/12/20
    Just a moment....
    Clear signature file: /tmp/mntner.asc
    % more /tmp/mntner.asc
    -----BEGIN PGP SIGNED MESSAGE-----
    
    mntner:        MAINT-HEAS
    descr:         shrubbery.net maintainer
    admin-c:       JH636
    tech-c:        JH636
    upd-to:        heas@shrubbery.net
    mnt-nfy:       heas@shrubbery.net
    auth:          CRYPT-PW za/0jxyxoQNJQ
    auth:          PGPKEY-7A774C09
    notify:        heas@shrubbery.net
    mnt-by:        MAINT-HEAS
    changed:       heas@shrubbery.net 20000928
    source:        NTTCOM
    
    -----BEGIN PGP SIGNATURE-----
    Version: 2.6.2
    
    iQCVAwUBOdQW1Esr3VJ6d0wJAQE3ZQP+NOb3XY0fCa0Icfn99bLn25pHDdEBGdmh
    T0dbvf9znD3kKE5ZETswluA/LRiO5NW0sjKvOxXJrNX6+Vmf1ueP3TvGjhZXl2Fl
    1c8iRFul1gWIlqBU+C8GD8yRJ+7XysfAHjYj5wIlISRVL6aWCCp2RCFlsgrB3TnC
    Zd8L4dX7Bi8=
    =nbPN
    -----END PGP SIGNATURE-----

The contents of /tmp/mntner.asc (in it’s entirety) sent via electronic mail to the email address of registry automatic procesor. Note the options to PGP; -sta to sign a plaintext file with your secret key (see your implementation’s documentation for more information).

PLEASE do not send email with MIME attachments to the registry for processing. MIME attachements will be NOT be processed. Many mail clients that include PGP support use MIME attachments by default.

For more information on PGP authentication with IRRs, see RFC2726.

PGP key (key-cert) Template

    ---------------------- CUT HERE -------------------
    key-cert:
    certif:
    mnt-by:
    changed:
    source: NTTCOM
    ---------------------- CUT HERE -------------------
    key-cert:  [mandatory]  [single]     [primary/look-up key]
    method:    [generated]  [single]     [ ]
    owner:     [generated]  [multiple]   [ ]
    fingerpr:  [generated]  [single]     [ ]
    certif:    [mandatory]  [single]     [ ]
    remarks:   [optional]   [multiple]   [ ]
    notify:    [optional]   [multiple]   [inverse key]
    mnt-by:    [mandatory]  [multiple]   [inverse key]
    changed:   [mandatory]  [multiple]   [ ]
    source:    [mandatory]  [single]     [ ]

key-cert Example

    key-cert:           PGPKEY-7A774C09
    method:             PGP
    owner:              John Heasley 
    fingerpr:           F4 56 93 93 3A CD 4C C1  C7 D5 6C B2 A7 F4 E0 FD
    certif:             
    +-----BEGIN PGP PUBLIC KEY BLOCK-----
    +Version: 2.6.2
    +
    +mQCNAjK6S8cAAAEEAM4de4EPalJsDOsaSlOBRhDGLlSxRetZz532lPRL9rx0wkvL
    +4U0mzSI2jppKjJJhvkwIkMsHd3yz3Vbpm/4HydPtCZc3/+kjC//myjdOMCK44ED4
    +E42pt6Wgg8Ik0cOTqYexZ0qV/ci2aOMyXK+VbVGG1ZTK4SvsbEsr3VJ6d0wJAAUR
    +tCFKb2huIEhlYXNsZXkgPGhlYXNAc2hydWJiZXJ5Lm5ldD6JAJUDBRA4UBPSD28L
    +lepPzu8BAaN7A/9Q5FXm/WimNUe+iPBX/zznfUBkUpxpIy4yFApIKI68zslmxwdV
    +975YT0t/ftVJtCCNjrhPD/4RI9kqDQqJMlh0hwYFTV+t/DFTvZ33wsklt/+Q4qLb
    +4/AEdKpveG00seNt4R5UymD+NVK2fpmx2SJuHLQoh1tDo09KafmjOyCrmYkAlQMF
    +EDhOvbTSMEkkdQ6DSQEBcbwD/jnrwtXpMPQmWYb12FLdmlMNGbV4ESxt8QXfgVra
    +w14KQJ4P9lToT9Tmqe9Q4NFcKRs/00Q4xlRWwdPuFF4QGOJxBLnE1Xv60rY9eY2Q
    +i3DRbRiDw0YgK1xgscRHeRq1giTc2NWFb11KlzV5qciWWDjpx6t01v9Vn59xCCbW
    +kEdziQCVAwUQNWRxjfay2HvjD8wlAQGZlAP/SenlqYAfmSVZ/s5st9zA43hXQnNR
    +oJeXvFW5kutGAuGOGXZInXB/q9HtoLrngA9PlWHNs+kDP3ipFh9+jyeojQm5fQ94
    +R7yMRgupGZJ9WfUQRA1nvB+HmXfRg9bZ5FNoewrCO6aawhEnZ8D7HIrHRz+sH9Mi
    +mufkPEARFgZ6F4GJAJUDBRA3eUEYT5ggX09IZTEBARGSBACZrW+GXCFHG5gPmeVX
    +cOKcKCE18NyYlah0Pd72y15sJy8GyGIFTpDEDRRE//mQwIWaLV4eehuzHz0ygMm5  
    +HI4k7FlrHpJqq5/g6pM1zQohvqY53imUbhf4WBzgrvPrfTM/2jaWCb8OBNBCHpiT  
    +oKWkTqqvK99ScKkf+F+HJMa4ookAdQMFEDNaCL+6FAGUXCurYQEBLp4C/26hjz7e
    +5gtlvfM+rdHNAZY+HUhZRty6kOyWJsMu1s9PDlTbljwdTz7cJ141jww6F8JCYGt4
    +SfbeT1Mz7MDzgz8jXO710KOwzmOIqupUUUnuw0bMhIMZzhPm6+0OeZgCSYkAlQMF
    +EDXVCFcImkdUx0QebQEBjf0EAKyDniKogR5CPn3zIUHAmroHMKiDdMEFsZv4Ih0m
    +ERymLH0m2YLePS2lBnwg4ZsIlj0OVksJLgoSb8V3TM1a2ykBkldySha3dHRE0g8J
    +QDQ1c2QgGd5SHdBFZY0FNbKj1XbCqxN0ZdmRay5l7UxD532xXA+TZ0LZwkaYcamP
    +fjW1iQCVAwUQNBUPkPTPnXJdMaXhAQECgwP/f39qTwHAQEj/fxtbH4wmmsDjo8d0
    +FJ/MZsSMSiF0PDbAkvb/krY4Xr4MI1MNNosUJ6f4ZHMGLIzYGYeLyy1jD8KLMDjZ
    +DdJI+eKG46iHHLpcAlYeKhfZqEB16+t44mGW6cKyUellk0cUd7nK2ZPj+/u/4ziN
    +JekadG1899vuHzSJARUDBRAzTJh364x/pH7NgKUBAZrkB/4sDhJ54578Ze+ci9wM
    +OaaTlIsH8YGWskZ1Y+Hj8XiLX4euUXDqd9SFs9RBrzMx7edlE8Q1N9cLAPVCKr8d
    +swhb2K7Tgmpwrhe6KpNUa6PSCv6t11gc17QiFzJGoYSAAl7UnJjx9zFAMjfeo+id
    +O0clhPMWC6pvB2rNoBMNt+vRXpq7ApWF8CSudwWf277BrKGC8TbwC/ntMtS4ZcjR  
    +S9Tl/5EMdHgMKqQt+wJx/g1o6g2d0xz65IoNDhpScetkSQXjFh20olcts0ZnQRhp
    +W7J9kAEFG9/Yr8GIB7eUjsOr1XIlhMNqwOkqfu9px3eM3ntBjJOZM/WbHWm1KYc4
    +2/hciQCVAwUQMrtgE0sr3VJ6d0wJAQFisgP/TDmqElXnB+h9MldnsnnZ7VgDLhHY
    ++hv8EP9aVd/w2oOR3ZKhYYFcbBnmOvPp34SxaBMf3KSqhEQ22tAfOoQkhIDQs0oj
    +DtB4mTmtlQNHFVlbD914eHxIYEznrr7Nw2xqo/GgA+lEC0hrZx2itrIHcZgojE3q
    +T42/v4ja9lTNq1OJAJUDBRAyu0Gn+8I/jbEzFDkBAarXA/99R9ATMI8NSVIX3V0z
    +Js2oIjC/jKbvstVhR7E+yx49hqRWBtVDCT65IiR2pyf4rl9M+tekbKununIBhjny
    +yXcMkK96fbBrFQA3c2pqSLKhXNFrEdapV0874VgwVfW4938xi5oCfV/nPT6lYgdo  
    +H6/eLL6MCx9ga0q87NGUdh0naw==
    +=OlpC
    +-----END PGP PUBLIC KEY BLOCK-----
    mnt-by:             MAINT-HEAS
    changed:            heas@shrubbery.net 20000928
    source:             NTTCOM

Get More Information

h

Product Collateral

i

Case Studies

White Papers

y

Audio & Video

Get Started

To find out which solutions will best benefit your business, contact one of our Account Managers.

Click Here to Get Connected

Stay Connected

Contact the Global IP Network Team

Thank you for your interest in the Global IP Network.

Please click the button below and fill out the form, and a representative will contact you shortly.

CONTACT US
NTT | Global IP Network

NTT DATA is a global leader in all Internet-related businesses. Our Tier 1 Global IP Network, consistently ranked among the top networks worldwide, spans the Americas, Europe, Asia and Oceania, providing the best possible environment for content, data and video transport through a single Autonomous System Number (AS2914).

© 2024 NTT | Global IP Network

Global IP Network
Products & Services
Downloads
Support Center
News & Events
Contact Us

Customer Portal
Partner Landing Zone
Global IP Network Map
Looking Glass