At a glance
- We use PGP digital signatures to confirm the authenticity of all email requests sent to the Automaton.
- Use your PGP software to create your PGP key.
- You need to extract a copy of your public key and add it to Nominet’s keyring.
- You add your PGP key to our system, or remove it, via your online service account.
We use PGP digital signatures to confirm the authenticity of all email requests sent to the Automaton. Because of the range of PGP software available we cannot list all sources, but you can find a wide range of PGP-compatible software at the following sites:
- http://www.pgp.com - Graphical Windows/Mac versions of PGP
- http://www.gnupg.org - Free command line alternative to PGP
- http://www.pgpi.org - Multiple freeware versions of PGP (to V6.5.8) and GnuPG.
Please note that it is your responsibility to licence the version you use.
Generating a PGP key for use with the Automaton
The way you create your PGP key will differ depending on the PGP application you use. The following instructions cover the most common PGP variations used with our Automaton and provide the configuration information that can be used with any PGP application. Any further information requested by your PGP application should either be left empty or as its default value. A visual guide for Windows PGP Desktop 9.x is also available.
- Activate the key generator for your PGP program:
  - PGP (Windows): Click the File menu and select New Key
  - PGP (Mac): Click the File menu and select New then PGP Key
  - PGP (Command Line): PGP -kg 1024
  - GnuPG: gpg --gen-key --allow-freeform-uid
- Provide the following information when prompted:
  - Name/User ID: The upper-case TAG name provided by us
  - Email Address: Must be left blank
  - Key Pair Size: 1024
  - Expiry date: Never expire
  - Passphrase: Your choice of password, required whenever you use PGP
- After leaving the key generator users of PGP 9 (or above) must also:
  - Double click on the newly created key
  - Select the Hash field then Edit... and make sure only SHA-1 is selected
Adding your PGP key to the Automaton's keyring
So that the Automaton can verify messages signed with your new PGP key, you need to extract a copy of your public key and add it to our system. The key data added should look similar to that of our own public key.
- Copy your public PGP key to your clipboard:
  - PGP (Windows): Right click on the key and select copy or copy public key
  - PGP (Mac): Right click on the key and select Export To Clipboard
  - PGP (Command Line): pgp -kxa -u <User ID>, copy the key from the file created
  - GnuPG: gpg --armor --export <KeyID> > key.asc, copy the contents of key.asc
- Log in to our Online Service.
- Click on Tag Settings and then Edit PGP Keys.
- Select Import a New PGP key and paste your public PGP key into the PGP Key Text field. If present, remove any additional lines outside of the ----- PGP ----- lines.
- Click on Import Key and confirm Yes, create the key and put it live.
You will be able to use the key when the Automaton's keyring next updates, which occurs daily around 8pm (GMT).
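One way to check the exported text before pasting it into the PGP Key Text field, as an added example (not Nominet's code): it keeps only the public key block, refuses private key material, and verifies the armor's CRC-24 checksum as defined in RFC 4880. The function names and the sample block are constructed for illustration.

```python
import base64
import binascii

BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def crc24(data: bytes) -> int:
    """CRC-24 over the decoded armor body (RFC 4880, section 6.1)."""
    crc = 0xB704CE
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= 0x1864CFB
    return crc & 0xFFFFFF

def extract_public_key(pasted: str) -> str:
    """Return only the armored public key block; raise ValueError if unsafe or damaged."""
    if "PRIVATE KEY BLOCK" in pasted:
        raise ValueError("private key material present; export the public key only")
    lines = [ln.strip() for ln in pasted.splitlines()]
    if lines.count(BEGIN) != 1 or lines.count(END) != 1:
        raise ValueError("expected exactly one public key block")
    block = lines[lines.index(BEGIN):lines.index(END) + 1]
    if "" not in block:
        raise ValueError("no blank line between armor headers and key data")
    # Armor headers such as "Version:" end at the first blank line.
    body = [ln for ln in block[block.index("") + 1:-1] if ln]
    # The "=XXXX" checksum line is optional in RFC 4880; verify it when present.
    has_sum = bool(body) and body[-1].startswith("=") and len(body[-1]) == 5
    checksum = body.pop()[1:] if has_sum else None
    try:
        data = base64.b64decode("".join(body), validate=True)
        expected = None if checksum is None else int.from_bytes(
            base64.b64decode(checksum, validate=True), "big")
    except binascii.Error as exc:
        raise ValueError("key data is not valid base64") from exc
    if not data or (expected is not None and expected != crc24(data)):
        raise ValueError("key data empty or armor checksum mismatch")
    return "\n".join(block) + "\n"

def constructed_sample() -> str:
    """Constructed input: placeholder bytes (not a real key) with stray lines around the block."""
    payload = b"constructed bytes, not a real key"
    b64 = base64.b64encode(payload).decode()
    crc = base64.b64encode(crc24(payload).to_bytes(3, "big")).decode()
    return (f"Exported with gpg:\r\n{BEGIN}\r\nVersion: sample\r\n\r\n"
            f"{b64}\r\n={crc}\r\n{END}\r\n-- \r\nstray footer line\r\n")
```

The check only confirms that the armor is intact and public; it does not parse the key packets inside it.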
Testing your PGP key
The following steps outline how to PGP sign and send messages to the Automaton. We recommend sending a test request to verify that your key has been successfully added. As mentioned above, after adding a new key the test can be made once the Automaton's keyring next updates at 8pm (GMT).
- Highlight and copy the following Automaton modification test command:
    operation: modify
    key: automaton-test-pgp.co.uk
    postcode: OX4 4DQ
- PGP sign the copied command:
  - PGP (Windows): Select the PGP icon in the system tray, choose clipboard and then sign.
  - PGP (Mac): Open PGP Desktop. From the edit menu, choose Sign Clipboard... and select the appropriate key to sign the message with.
  - PGP (Command Line): Save the text to a file, pgp -sta -u <user id> <filename>, copy the contents of the file created.
  - GnuPG: Save the text to a file, gpg -u <TAG> --clearsign --force-v3-sigs <filename>, copy the contents of the file created.
- Open a new email and ensure it is set to send in plain text.
- Paste the clipboard contents into the body of the email.
- Ensure that no text lines exceed your email client’s line wrapping threshold.
- Use a subject line of <TAG> Modify (replace <TAG> with your tag name in capital letters).
- Send the email to firstname.lastname@example.org.
We provide details for a number of the Automaton's common PGP errors. If you have any problems please contact us at email@example.com.
What happens next?
Nominet PGP Key
Outgoing notifications from our Automaton are also signed and can be verified by using our public key.