PGP

At a glance

  • We use PGP digital signatures to confirm the authenticity of all email requests sent to the Automaton.
  • Use your PGP software to create your PGP key.
  • You need to extract a copy of your public key and add it to Nominet’s keyring.
  • You add your PGP key to our system, or remove it, via your online service account.

We use PGP digital signatures to confirm the authenticity of all email requests sent to the Automaton. Because of the range of software available we cannot list every source, but you can find a wide range of PGP-compatible software at the following sites:

  • http://www.pgp.com - Graphical Windows/Mac versions of PGP
  • http://www.gnupg.org - Free command line alternative to PGP
  • http://www.pgpi.org - Multiple freeware versions of PGP (to V6.5.8) and GnuPG.

Please note that it is your responsibility to license the version you use.

Generating a PGP key for use with the Automaton

The way you create your PGP key will differ depending on the PGP application you use. The following instructions cover the most common PGP variations used with our Automaton and provide the configuration information that can be used with any PGP application. Any further information requested by your PGP application should either be left empty or as its default value. A visual guide for Windows PGP Desktop 9.x is also available.

  1. Activate the key generator for your PGP program:
    • PGP (Windows): Click the File menu and select New Key
    • PGP (Mac): Click the File menu and select New then PGP Key
    • PGP (Command Line): PGP -kg 1024
    • GnuPG: gpg --gen-key --allow-freeform-uid
  2. Provide the following information when prompted:
    • Name/User ID: The upper-case TAG name provided by us
    • Email Address: Must be left blank
    • Key Pair Size: 1024
    • Expiry date: Never expire
    • Passphrase: Your choice of password, required whenever you use PGP
  3. After leaving the key generator, users of PGP 9 (or above) must also:
    • Double click on the newly created key
    • Select the Hash field then Edit... and make sure only SHA-1 is selected

Adding your PGP key to the Automaton's keyring

So that the Automaton can verify messages signed with your new PGP key, you need to extract a copy of your public key and add it to our system. The key data added should look similar to that of our own public key.

  1. Copy your public PGP key to your clipboard:
    • PGP (Windows): Right click on the key and select copy or copy public key
    • PGP (Mac): Right click on the key and select Export To Clipboard
    • PGP (Command Line): pgp -kxa -u <User ID>, copy the key from the file created
    • GnuPG: gpg --armor --export <KeyID> > key.asc, copy the contents of key.asc
  2. Log in to our Online Service.
  3. Click on Tag Settings and then Edit PGP Keys.
  4. Select Import a New PGP key and paste your public PGP key into the PGP Key Text field. If present, remove any additional lines outside of the ----- PGP ----- lines.
  5. Click on Import Key and confirm Yes, create the key and put it live

You will be able to use the key when the Automaton's keyring next updates, which occurs daily around 8pm (GMT).

Testing your PGP key

The following steps outline how to PGP sign and send messages to the Automaton. We recommend sending a test request to verify that your key has been successfully added. As mentioned above, after adding a new key the test can be made once the Automaton's keyring next updates at 8pm (GMT).

  1. Highlight and copy the following Automaton modification test command:
        operation: modify
        key: automaton-test-pgp.co.uk
        postcode: OX4 4DQ
    
  2. PGP sign the copied command:
    • PGP (Windows): Select the PGP icon in the system tray, choose clipboard and then sign.
    • PGP (Mac): Open PGP Desktop. From the Edit menu, choose Sign Clipboard... and select the appropriate key to sign the message with.
    • PGP (Command Line): Save the text to a file, pgp -sta -u <user id> <filename>, copy the contents of the file created.
    • GnuPG: Save the text to a file, gpg -u <TAG> --clearsign --force-v3-sigs <filename>, copy the contents of the file created.
  3. Open a new email and ensure it is set to send in plain text.
  4. Paste the clipboard contents into the body of the email.
  5. Ensure that no text lines exceed your email client’s line wrapping threshold.
  6. Use a subject line of <TAG> Modify (replace <TAG> with your tag name in capital letters).
  7. Send the email to applications@nic.uk.
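
A pre-flight check for the key import (step 4 of the keyring procedure) and the test email steps above, as an added example that is not Nominet's code: it trims a pasted key to its armored block and checks the subject, clearsign structure and line lengths of a request. The tag EXAMPLETAG, the 72-character wrap threshold and the sample body with its placeholder signature data are constructed assumptions, and the script does not verify the signature itself.

```python
import re

KEY_BLOCK = re.compile(
    r"-----BEGIN PGP PUBLIC KEY BLOCK-----\n.*?\n-----END PGP PUBLIC KEY BLOCK-----", re.S)

def extract_public_key(pasted):
    """Keep only the armored key block, dropping any lines outside the PGP markers."""
    blocks = KEY_BLOCK.findall(pasted.replace("\r\n", "\n"))
    if len(blocks) != 1:
        raise ValueError(f"expected one public key block, found {len(blocks)}")
    return blocks[0] + "\n"

def check_signed_request(subject, body, tag, wrap_at=72):
    """Return (fields, problems); wrap_at=72 is an assumed mail-client threshold."""
    problems = []
    if subject != f"{tag.upper()} Modify":
        problems.append("subject must be '<TAG> Modify' with the tag in capitals")
    lines = body.replace("\r\n", "\n").split("\n")
    try:
        start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
        sig = lines.index("-----BEGIN PGP SIGNATURE-----", start)
        lines.index("-----END PGP SIGNATURE-----", sig)
        blank = lines.index("", start, sig)  # blank line ends the armor headers
    except ValueError:
        return {}, problems + ["body is not a complete clearsigned message"]
    fields = {}
    for line in lines[blank + 1:sig]:
        line = line[2:] if line.startswith("- ") else line  # undo dash-escaping
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip()] = value.strip()
    for number, line in enumerate(lines, 1):
        if len(line) > wrap_at:  # a re-wrapped line no longer matches the signature
            problems.append(f"line {number} has {len(line)} characters")
    return fields, problems

# Constructed sample: the signature data is a placeholder, not a real signature.
SAMPLE_BODY = """-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

operation: modify
key: automaton-test-pgp.co.uk
postcode: OX4 4DQ
-----BEGIN PGP SIGNATURE-----

PLACEHOLDER+SIGNATURE+DATA==
-----END PGP SIGNATURE-----
"""

print(check_signed_request("EXAMPLETAG Modify", SAMPLE_BODY, "EXAMPLETAG"))
```

An empty problems list means the email is laid out as the steps describe; whether the signature verifies is still decided by the Automaton against the key on its keyring.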

We provide details for a number of the Automaton's common PGP errors. If you have any problems please contact us at hostmaster@nominet.org.uk.

What happens next?

Please see our Automaton pages for full details about using our automated system. Please also see information on the Automaton acceptable use policy.

Nominet PGP Key

Outgoing notifications from our Automaton are also signed and can be verified by using our public key.