You are here: Home > Manage IPs and ASNs > RIPE Database > FAQ: RIPE Database > FAQ: RIPE Database Security > What is a key-cert object, and how can I create it?

What is a key-cert object, and how can I create it?

A key-cert object holds the public part of your key in the RIPE Database. To use the key you just generated in the RIPE Database, you should create it in the form of a key-cert object.

The following steps will help you create a key-cert object:

  • Export your gpg public key to a file with the command gpg --export --armor < your_email_address> > key-cert.txt
  • Issue the command gpg --list-keys and find the line with your e-mail address from output. It should be something like:
    pub 1024D/75FE6D99 2002-07-10 John Smith <>
    Write down the eight characters after the / sign. This is the key id of your key. You'll need it while creating the key-cert.
  • Open the file key-cert.txt with your favorite editor, and add "certif: " (without quotes, but a space after : sign) to the beginning of each line.
  • Add a line to the beginning of the file in the form
    key-cert: PGPKEY-XXXXXXXX
    where XXXXXXXX is the eight characters that you wrote down.
  • To the end of the file, add the following:
    mnt-by: <mntner>
    changed:<email> <date>
    source: RIPE
    where <mntner> is your maintainer name, <email> is your e-mail address, and <date> is the date in YYYYMMDD format.
  • Finally, add the authentication of mntner, e.g. if your maintainer is protected by MD5-PW, add the authentication of mntner to the file in the form password: <cleartext password>.
  • Send this update to You'll receive an acknowledgement. If all goes well, you'll be able to query the database and see the key-cert you just generated by the command PGPKEY-XXXXXXXX.

For more information about RIPE Database, please see the Databaase Reference Manual.

Technical details can be found at: