Using PGP (Pretty Good Privacy) Technology with ARIN
You can use PGP (Pretty Good Privacy) with template transactions submitted to firstname.lastname@example.org and email@example.com. Using PGP technology with ARIN is simple.
- Register and Confirm Your Key with ARIN
- Use Your Key with ARIN
- Verify Email You Receive from ARIN
- Report Problems with Keys
To have ARIN verify PGP-signed template transactions sent from you, you will need to register and confirm your key by following these four steps.
Step 1: Set up PGP
Set up PGP on your computer and generate your public and private keys. Associate one or multiple email addresses with your key.
Example, firstname.lastname@example.org, email@example.com, and firstname.lastname@example.org could all be associated with the same key.
Conversely, an email address can be associated with more than one key.
Step 2: Submit Registration
Complete and submit the ARIN PGP Registration Form. You will need to enter your public PGP key on this form.
Step 3: Confirm
To authenticate your registration, ARIN will send a separate confirmation message to each email address associated with your public key.
Step 4: Verify
Sign and forward the confirmation message, unchanged, to email@example.com for each email address you want ARIN to verify key-signed request transactions. If you have three email addresses associated with the PGP key, you need to sign and forward the confirmation message from all three email addresses before ARIN can accept their key signature on request transactions.
Upon receipt, ARIN will verify your key and notify you to begin signing your request transactions sent to firstname.lastname@example.org and email@example.com. Each email address you confirmed will be tied to your key, and any other information associated with your key will be ignored.
Sign template transactions you submit to firstname.lastname@example.org or email@example.com with your PGP key. Unsigned template transactions from email addresses with a registered key can not be accepted.
There are a wide variety of mail user agents (MUAs) and PGP signing applications for various operating systems. ARIN has tested a number of these combinations. Not all MUAs have built-in PGP support. Examine your MUA's documentation to determine if it supports PGP signatures, either natively, or through plug-ins. Also consult your PGP software documentation for information on generating keys, using keys for signatures, and importing ARIN's public key so that you can verify ARIN's email responses to template transactions.
Many ARIN customers use scripts to generate templates, especially those submitting large volumes of SWIP information. You may choose to use command line tools to sign template submissions, which can be included in your custom script. This technique has been successfully tested and is useful for high volume submissions to ARIN.
ARIN has not implemented the encryption functionality of PGP. Therefore, ARIN can not accept encrypted incoming mail at this time, and ARIN doesn't encrypt any outgoing mail. Do not encrypt your email to ARIN. NOTE: Some PGP software packages have encryption turned on as the default setting. You must change the default setting to turn off encryption in order to submit email to ARIN.
ARIN will sign replies to template transactions with its key. This allows you to authenticate email sent from firstname.lastname@example.org and email@example.com.
You may verify ARIN's public key from this site. ARIN has also registered its public key with the key server at pgp.mit.edu so that you may confirm its authenticity. Use your PGP software to download and install ARIN's public key on your local key ring in order to authenticate email you receive from ARIN.
If you have any issues (lost, stolen, forgot passphrase, etc.) with the key you registered with ARIN, use the Ask ARIN feature in your web account or send an email to firstname.lastname@example.org and an Analyst will work with you to resolve the problem.