key-cert

Object Template

The object template includes information on how to complete the attribute values.

               Status       Instance     Search Status

key-cert:      [mandatory]  [single]     [primary/lookup key]
method:        [generated]  [single]     [ ]
owner:         [generated]  [multiple]   [ ]
fingerpr:      [generated]  [single]     [ ]
certif:        [mandatory]  [multiple]   [ ]
remarks:       [optional]   [multiple]   [ ]
notify:        [optional]   [multiple]   [inverse key]
admin-c:       [optional]   [multiple]   [inverse key]
tech-c:        [optional]   [multiple]   [inverse key]
mnt-by:        [mandatory]  [multiple]   [inverse key]
changed:       [mandatory]  [multiple]   [ ]
source:        [mandatory]  [single]     [ ]

 

Example

key-cert:     PGPKEY-83F2A90E
method:       PGP
owner:        DEMO-ISP Hostmaster <hostmaster@demo.net>
fingerpr:     CE3D 4829 A392 733E A37B  B7DC 4463 4AB2 83F2 A90E
certif:       -----BEGIN PGP PUBLIC KEY BLOCK-----
certif:       Version: GnuPG v1.0.6 (GNU/Linux)
certif:       Comment: For info see http://www.gnupg.org
certif:
certif:       mQGiBD0GnVIRBADDmMMFTKQ1Ye7r8T+Rg4y1kqjQBd1rCVU8ifZjQBy9G7W9MZa1
certif:       RxOd6QpPA4x0mr9oeLXKuV3S1l85LPw8vchiL3XJyEha7WhKAFWqDSz9mclFpkeH
certif:       mfoFftI+C207IupyuGVatBFZlqHPPfhmvxseIAx8VqauyEliLtNlVZGRNwCg0DKN
certif:       KUiNRLnwuADrHBPX3EaQ6wUEAJ/wMW8xvOQFIXVZ+JFMgZTvC+KrafHqkKkEWy45
certif:       anfZ5glXxX7f6iOaIV8+dnkyeWaWMLVaxr9xJZV5yrcvbmr6q4f+lBK833c/65CZ
certif:       8HMZT6/vjyVBBnUTH466233bsRwEElQeKQytjvQOW6oP6JSIMiocNBTL97atF0h9
certif:       tbs3A/4ivLAWmO/jTJUguv+COE/RaaClfL21LsPCWzj5FMkblq6l4Q+O3zYVmzMF
certif:       HYrN9y20UJkkMlF6lLaygL/jJqHKrOyJ62mqr+djiGEmbm4RPchpGYab1ZYtSP5J
certif:       +HBdkLyvJwzu/EFENk8qUFwGGK648QZwdb5l0PpupIJVAhzh4LQpU29uIFRyYW4g
certif:       KHNvbiBmcm9tIEFQTklDKSA8c29uQGFwbmljLm5ldD6IXQQTEQIAHQUCPQadUgUJ
certif:       AeEzgAULBwoDBAMVAwIDFgIBAheAAAoJEERjSrKD8qkOqdIAn16HWeFUWC4UDps9
certif:       RL6Ih36nD7ImAKCyGujiMGf158S+xaznZErAHmUmxrkBDQQ9Bp1TEAQAm4b1a2mJ
certif:       5K9r523VpfEqzGAPNlnpM/in57ypE9qpwZbKvtX1pa0oevQU+G41vEQwWatlMKLY
certif:       Rj5NPpvAxQ5T7PyGVQ1EHL+vsFPRyQ2g4XQUytRn7Isp1/j8RmnXFNoBawaGwcuS
certif:       9H/RXCR6WRh7lGNwSSND5aoW1e1tiQ9GAm8AAwUD/0LFbiN6Yq28RtSBVbFrt4mW
certif:       rTdzLE2ROlD1AGLxc8YLlL5xx9+5H8Wx4OVJrdQGeNIA9lSv9x4dnxVLg9srXiew
certif:       ORDwHvyn7gvqaGHSxkKMZksB1KH0sgGBQ2gBalGZLuZwTmYGsBb2AizDy/ALf9BX
certif:       4/VPjQng8ZEwHtO4ZMs6iEwEGBECAAwFAj0GnVMFCQHhM4AACgkQRGNKsoPyqQ7u
certif:       mACfU+I4OAGKexPQy3p3ailQUhLhxIsAn3W9U0308+saZqMX0I4Lj2S3VIzz
certif:       =Fw7X
certif:       -----END PGP PUBLIC KEY BLOCK-----
remarks:      DEMO-ISP PGP key
notify:       hostmaster@demo.net
mnt-by:       MAINT-DEMO-AP
changed:      hm-changed@apnic.net 20101231
source:       APNIC

 

Attribute status

Mandatory

Attribute must be included in the object.  Failure to do so will result in errors.

Attribute Description
key-cert
Defines the public key using the format:

PGPKEY-<id>

Where <id> is the identity of the PGP public key expressed in 8-digit hexadecimal format without “0x” prefix.

owner
The owner of the public key.

EXAMPLE
Zane Ulrich <zulrich@sparkynet.com.wf>

This attribute is generated automatically by the database software and must be omitted from the template when creating a key-cert object.

fingerpr
A fingerprint of the key certificate generated by the database. This attribute is generated automatically by the database software and must be omitted from the template when creating a key-cert object.

certif
The public key in ASCII armored format. Includes all the lines of the exported key, the begin and end markers, and the empty line which separates the header from the key body. Example:

certif: -----BEGIN PGP PUBLIC KEY BLOCK-----
certif: Version: 2.6.3ia
certif:
certif: mQA9AzZizeQAAAEBgJsq2YfoInVOWlLxalmR14GlUz
certif: Ed0WgrUHa/uqWiLnvN59S4rgDQAFEbQeSm9lIFRoZS
certif: BVc2VyIDxqb2VAiLwUQNmLN5ee83n1LiuANAQFOFQG
certif: WBdMNDKBiOSyAmowlUYtF+xnYvpKr05Aycn8Rb55E1
certif: onZL5KhNMYU/gd
certif: =nfno
certif: -----END PGP PUBLIC KEY BLOCK-----

mnt-by
Lists a registered ‘mntner’ used to authorize and authenticate changes to this object.

  • A ‘mntner’ object is a database object used to authorize updates to the APNIC database.
  • When your database details are protected by a ‘mntner’ object, then only persons with access to the security information of that ‘mntner’ object will be able to change details.
  • In the web interface, the mnt-by attribute contains a link to the specified ‘mntner’.
changed
The email address of the person who last updated the database object and the date the update occurred.

  • Every time a change is made to a database object, this attribute will show the email address of the person who made those changes.
  • All APNIC delegated IP addresses will initially record an APNIC email address in this attribute, as APNIC creates the first database object.
  • Please use the address format specified in RFC 822 (Standard for the Format of ARPA Internet Text Messages) and give the date in one of the following two formats: YYYYMMDD or YYMMDD.
changed: hostmaster@sparkynet.com.wf 20010921

IMPORTANT! This is NOT to be used as a contact address.

source
The database where the object is registered.

  • Use APNIC for objects in the APNIC Database.
  • Please use UPPERCASE letters.

Optional

Attribute may be deleted from the object. To delete an optional attribute you must also remove the attribute from the object template.  Failure to do so will result in errors.

Attribute Description
admin-c
The NIC-handle of an on-site contact ‘person’ object. As more than one person often fulfills a role function, there may be more than one admin-c listed.

  • In the web interface, the admin-c attribute contains a link to the ‘person’ object the NIC-handle belongs to.
  • An administrative contact (admin-c) must be someone who is physically located at the site of the network.
tech-c
The NIC-handle of a technical contact ‘person’ or ‘role’ object. As more than one person often fulfills a role function, there may be more than one tech-c listed.

  • In the web interface, the tech-c attribute contains a link to the ‘person’ or ‘role’ object to which the NIC-handle belongs.
  • A technical contact (tech-c) must be a person responsible for the day-to-day operation of the network, but does not need to be physically located at the site of the network.
remarks
General remarks. May include a URL or email address.

notify
The email address to which notifications of changes to this object should be sent.

Generated

Attribute value is generated by the database.

Instances of attribute allowed

Single
Attribute must appear only once in the object.
Multiple
Attribute may appear multiple times in the object. For example, you may wish to include more than one admin-c attribute.
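
The status and instance rules above, applied as a check on a key-cert object before it is submitted for creation. This is an added example, not APNIC's own code: the function names and the sample object are constructed for illustration, and id_matches_fingerprint assumes an OpenPGP v4 key, where the 8-digit key ID is the last 8 hex digits of the fingerprint (as in the Example object on this page).

```python
import re

# Attribute rules copied from the object template on this page.
MANDATORY = {"key-cert", "certif", "mnt-by", "changed", "source"}
GENERATED = {"method", "owner", "fingerpr"}
OPTIONAL = {"remarks", "notify", "admin-c", "tech-c"}
SINGLE = {"key-cert", "method", "fingerpr", "source"}
BEGIN = "-----BEGIN PGP PUBLIC KEY BLOCK-----"
END = "-----END PGP PUBLIC KEY BLOCK-----"

def check_new_key_cert(text):
    """Return the problems in a key-cert object submitted for creation."""
    values = {}
    for line in filter(str.strip, text.splitlines()):  # skip blank lines
        attr, _, value = line.partition(":")  # split on the first colon only
        values.setdefault(attr.strip(), []).append(value.strip())
    seen = set(values)
    errors = [f"unknown attribute: {a}" for a in sorted(seen - MANDATORY - GENERATED - OPTIONAL)]
    errors += [f"missing mandatory attribute: {a}" for a in sorted(MANDATORY - seen)]
    errors += [f"generated attribute must be omitted: {a}" for a in sorted(GENERATED & seen)]
    errors += [f"attribute repeated: {a}" for a in sorted(SINGLE & seen) if len(values[a]) > 1]
    # Upper-case-only hex is an assumption; the page's example id is upper case.
    if not re.fullmatch(r"PGPKEY-[0-9A-F]{8}", values.get("key-cert", [""])[0]):
        errors.append("key-cert is not PGPKEY-<id> with an 8-digit hex id")
    certif = values.get("certif", [])
    if certif and (certif[0] != BEGIN or certif[-1] != END):
        errors.append("certif does not start and end with the armor markers")
    if certif and "" not in certif:
        errors.append("certif lacks the empty line before the key body")
    return errors

def id_matches_fingerprint(key_id, fingerpr):
    """True if <id> is the last 8 hex digits of fingerpr (holds for OpenPGP v4 keys)."""
    return key_id.split("-", 1)[-1].upper() == fingerpr.replace(" ", "")[-8:].upper()

# Constructed sample: placeholder key body, short markers, generated 'owner' left in.
SAMPLE = """key-cert: PGPKEY-83F2A90E
owner: DEMO-ISP Hostmaster <hostmaster@demo.net>
certif: ---BEGIN PGP PUBLIC KEY BLOCK---
certif: PLACEHOLDER-KEY-BODY
certif: ---END PGP PUBLIC KEY BLOCK---
mnt-by: MAINT-DEMO-AP
source: APNIC"""

if __name__ == "__main__":
    print(*check_new_key_cert(SAMPLE), sep="\n")
```

Because the 8-digit id covers only the last 32 bits of the fingerprint, compare the full fingerpr value with the key you hold before relying on a key-cert object.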

Attribute search status

Primary key
Primary keys distinguish an object from all other objects in the database. To update a primary key, you must delete the entire object and then create a new object with the updated information.
Lookup key
Attribute can be queried in the database to return the object.  Please note, however, that a lookup key does not uniquely identify an object.
Inverse key
Attribute can be used when performing an inverse query using the -i flag. For example, the query

-i mntner <MNTNER-NAME>

will return all objects with the specified maintainer in the mnt-by attribute.