Using PGP (Pretty Good Privacy) Technology with ARIN

You can use PGP (Pretty Good Privacy) with template transactions submitted to hostmaster@arin.net and reassign@arin.net. Using PGP technology with ARIN is simple.

Register and Confirm Your Key with ARIN

To have ARIN verify PGP-signed template transactions sent from you, you will need to register and confirm your key by following these four steps.

  1. Set up PGP on your computer and generate your own public and private keys. Associate one or multiple e-mail addresses with your key. For example, myworkaddress@example.com, roleaccount@example.com, and mypersonaladdress@example.com could all be associated with the same key. In addition, an e-mail address can be associated with more than one key.
  2. Complete and submit the ARIN PGP Registration Form. The only information you will need to enter on this form is your public PGP key refered to in Step 1.
  3. To verify that it was you who registered the key, ARIN will send a separate confirmation message to each
    e-mail address associated with your public key.
  4. For each e-mail address you want ARIN to verify key-signed template transactions from, sign and forward the confirmation message, unchanged, to hostmaster@arin.net. For example, if you have three e-mail addresses associated with the PGP key, and you want ARIN to verify the key signature on template transactions from all of them, you need to sign and forward the confirmation message from all three e-mail addresses.

ARIN will verify your key and notify you to begin signing your template transactions sent to hostmaster@arin.net and reassign@arin.net. Each e-mail address you confirmed is now tied to your key. Any other information associated with your key will be ignored.

Use Your Key with ARIN

Sign template transactions you submit to hostmaster@arin.net or reassign@arin.net with your PGP key. Unsigned template transactions from e-mail addresses with a registered key will not be accepted.

There are a wide variety of mail user agents (MUAs) and PGP signing applications for various operating systems. ARIN has successfully tested a number of these combinations. However, not all MUAs have built-in PGP support. ARIN encourages you to examine your MUA's documentation to determine if it supports PGP signatures, either natively, or through plug-ins. You should also consult your PGP software documentation for information on generating keys, using keys for signatures, and importing ARIN's public key so that you can verify ARIN's e-mail responses to template transactions.

Many ARIN customers use scripts to generate templates, especially those submitting large volumes of SWIP information. You may choose to use command line tools to sign template submissions, which may be included in your custom script. This technique has been successfully tested and is useful for high volume submissions to ARIN.

ARIN has not implemented the encryption functionality of PGP. Therefore, ARIN will not accept encrypted incoming mail at this time, nor will ARIN encrypt any outgoing mail. Do not encrypt your e-mail to ARIN. NOTE: Some PGP software packages have encryption turned on as the default setting. You must change the default setting to turn off encryption in order to submit e-mail to ARIN.

Verify E-mail You Receive from ARIN

ARIN will sign replies to template transactions with its key. This allows you to authenticate e-mail sent from hostmaster@arin.net and reassign@arin.net.

You may verify ARIN's public key from this site. ARIN has also registered its public key with the key server at pgp.mit.edu so that you may confirm its authenticity. You will need to use your PGP software to download and install ARIN's public key on your local keyring in order to authenticate e-mail you receive from ARIN.

Report Problems with Keys

If you have any issues (lost, stolen, forgot passphrase, etc.) with the key you registered with ARIN, contact the Registration Services Help Desk at hostmaster@arin.net or +1.703.227.0660 and an Analyst will work with you to resolve the problem.