FAQs - RIK

How do I install the RIK?

After downloading the CPAN tarball for your platform and the RIK from http://nzrs.net.nz/srs/rik :

  • Follow the instructions of the INSTALL document in the RIK to install the CPAN modules and setup the RIK
  • If not done yet, generate a PGP key. Send the public key to NZRS to add to your registrar account. Use the private key to sign your communication with the SRS. For more information check the FAQ "How is the PGP key generated and set up?
  • Once your access to the Test SRS has been confirmed by NZRS you should be able to connect to the Test SRS by running one of the command line tools in the RIK
How is the PGP key generated and set up?

We recommended to use the GnuPG tool to generate a key (http://www.gnupg.org/).

Make sure all the following commands are executed as the user that will be running the command line client, or any of the SRS::Client modules.

To generate a key, type:

gpg --gen-key

Follow the instructions the the gpg application gives you:

  • Choose a 'DSA and ElGamal' type key
  • with keysize '2048', 
  • and '0' expiry (unless you have reason to choose non-default settings). 

You can create a passphrase if you prefer one. If the key is generated with a passphrase the passphrase needs to be provided as environment variable (see below for more details)

Once the key is generated, you can export it by typing:

gpg --export --armour <username>

Username is either the 'Real Name', 'Email Address' or both, that you entered for the key (type: 'gpg --list-keys' to view usernames for your keys). This is also the name you need to pass to the command line client, or the SRS::Client modules. (However, the most recently added secret key is your default secret key, and will be used if you don't specify a username).

The export command will print the armoured key to STOUT. If it's more convenient, you can redirect this to a file:

gpg --export --armour <username> > pub.key

If you are using the RIK command line clients (SendXML or SRSClient) or you want to verify the signatures sent with responses by the registry, then you must import the registy's public key to your keyring. To do this, type:

gpg --import reg.key

The registry's public key is included in a file (reg.key) in the top level directory of the Technical RIK.

You will have to specify the path to the key file if you're executing 'gpg' in a directory other than the one containing the key file.

Please note that the minimum PGP Key size we allow is '1024' bytes and NZRS recommend that a key size of '2048' bytes is used.

If you have more than one key in your GPG keyring it may be necesary to specify which GPG identity should be used. Depending on how you are using the RIK there are a number of different ways this can be done:

  • For the sendXML program you can specify using the GNUPGID environment variable 
  • For the SRSClient program you can specify a '-u' parameter 
  • For the webserver you can specify an 'Id' value within the 'Crypto' block. 

In all cases you should specify the real-name of the GPG id, not the fingerprint

If you use a key with a passphrase:

The passphrase needs to be specified in an environment variable SRS_RIK_PASSPHRASE. Or a environment variable SRS_RIK_PASSPHRASE_FILE points to a file containing the passphrase.

How do I install the SRSClient?
  • Install the RIK (FAQ 'How do I install the RIK')
  • Once you have installed the RIK and have access to the test system you should be able to run the SRSClient from the RIK install directory:
srsrik/release-x-x/SRSClient.sh -r <registrar_id> [flags] Transaction: <transaction-type> [field_list]

Example

For registrar ID 999, a simple whois request would be

srsrik/release-x-x/SRSClient.sh -r 999 -a https://srstest.srs.net.nz/srs/registrar Transaction: Whois Domain_name: nzrs.net.nz

Refer to the templates directory in the RIK for more transaction type examples and the SRSClient documentation for command line options.

FAQ Categories

Registrars