The APIRR supports the following types of authentication:
- PGPKEY
- CRYPT-PW
- MAIL-FROM
For more information, see RPSL authentication types.
While APIRR supports many forms of authentication, PGP is currently the preferred method.
The APIRR database supports authentication with PGP signatures. PGP is currently the most secure way of protecting objects from unauthorised modification. The current implementation supports DSS/Diffie-Hellman and RSA algorithms.
Storing public keys on the server
The key-cert object allows PGP public keys to be stored on the server. See _APIRR object templates_ for a copy of the _key-cert template_.
For information on creating this object, see RIPE's PGP authentication in the RIPE Database.
Using PGP in a maintainer object
PGP authentication can be activated in a maintainer object by placing the PGP key ID in the auth field using the following format:
Auth: PGPKEY-<id>
<id> is the PGP key ID to be used for authentication and corresponds with the key-cert field in the key-cert object.
For more information on using PGP keys in maintainer objects, see RIPE's PGP authentication in the RIPE Database.
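The link between a maintainer's PGPKEY-<id> auth value and a stored key-cert object can be checked before submitting an update. The following Python is an added example, not APIRR's own code: it parses constructed sample objects and reports non-PGP auth lines and PGPKEY references that have no key-cert object. It assumes the key-cert attribute holds its value in PGPKEY-<id> form, and the function names are hypothetical.

```python
import re

# Constructed sample objects: maintainer names, key IDs and values are made up.
SAMPLE = """\
mntner: MAINT-EXAMPLE-A
auth: PGPKEY-1A2B3C4D
auth: MAIL-FROM .*@example.net

mntner: MAINT-EXAMPLE-B
Auth: PGPKEY-DEADBEEF
auth: CRYPT-PW constructed-hash-value

key-cert: PGPKEY-1A2B3C4D
"""

def parse_objects(text):
    """Split RPSL text into objects, each a list of (attribute, value)."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if ":" in line and not line.startswith(("#", "%", " ", "\t", "+")):
                name, value = line.split(":", 1)
                attrs.append((name.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def key_id(value):
    """Normalise 'PGPKEY-<id>' (assumed key-cert form) to the bare id."""
    return re.sub(r"^PGPKEY-", "", value.strip(), flags=re.I).upper()

def audit(text):
    """Return {maintainer: [findings]} for non-PGP or dangling auth lines."""
    objects = parse_objects(text)
    certs = {key_id(o[0][1]) for o in objects if o[0][0] == "key-cert"}
    report = {}
    for obj in (o for o in objects if o[0][0] == "mntner"):
        findings = []
        for scheme in (v.split()[0].upper() for n, v in obj if n == "auth" and v):
            if scheme.startswith("PGPKEY-"):
                if key_id(scheme) not in certs:
                    findings.append(f"{scheme}: no matching key-cert object")
            elif scheme in ("CRYPT-PW", "MAIL-FROM"):
                findings.append(f"{scheme}: non-PGP auth method")
        report[obj[0][1]] = findings
    return report

if __name__ == "__main__":
    print(audit(SAMPLE))
```

An empty findings list means the maintainer uses only PGPKEY auth lines and every referenced key has a key-cert object in the input.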
Using authentication when updating objects
To send PGP-signed updates by email, sign the body of the message that contains the updates. Remember to use ASCII armoring. You can send PGP-signed and unsigned objects in a single update message.
For more information on using authentication when sending updates, see RIPE's PGP authentication in the RIPE Database.
Other PGP details
An alternative to PGP is GnuPG, used by the APIRR database server. GnuPG does not use the patented IDEA algorithm, and can therefore be used without restrictions. GnuPG is an RFC 2440-compliant application.
General information about PGP is available at the International PGP homepage. This implementation is based on the specification produced by the RIPE Database Security Task Force, which is also available as an IETF draft for possible use in the IETF's RPS working group authentication procedures.
Legal issues
Encryption technology is subject to legal restrictions in some countries. PGP signatures are based on public key encryption. Consult a lawyer if you are uncertain about your local situation.