Create keygroup

Purpose

Create a list of keys that can be linked to multiple domain registrations.

Note

This is a DNS Belgium specific extension, documented in the schema keygroup-1.0.xsd.

The keygroup mapping is a DNS Belgium specific object extension to the EPP standard, consistent with the EPP object extension framework. The keygroup object allows a registrar to group several keys in one object, which simplifies the mapping between a domain and a list of keys.

Some components of the command need further explanation:

  • <keygroup:name> is required. Contains the (chosen) name for the keygroup. A name can consist of letters, digits, hyphens and dots (.).

  • <keygroup:key> Each keygroup can hold at most 4 keys.

  • <secDNS:flags> is required. DNS Belgium only accepts flag 257 (KSK).

  • <secDNS:protocol> is required. Indicates the protocol used. DNSSEC requires protocol 3.

  • <secDNS:alg> is required. Indicates the algorithm used to generate the key. DNS Belgium recommends these algorithms for generating keys: (8) RSA-SHA256, (10) RSA-SHA512, (13) ECDSA Curve P-256 with SHA-256, (14) ECDSA Curve P-384 with SHA-384, (15) ED25519 and (16) ED448.

  • <secDNS:pubKey> is required. Contains the value of the public key.

Please refer to the examples to see a complete request.

Examples

A create keygroup command looks like:

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0"
    xmlns:secDNS="urn:ietf:params:xml:ns:secDNS-1.1">
  <command>
    <create>
      <keygroup:create xmlns:keygroup="http://www.dns.be/xml/epp/keygroup-1.0">
        <keygroup:name>mykeygroup</keygroup:name>
        <keygroup:key>
          <secDNS:flags>257</secDNS:flags>
          <secDNS:protocol>3</secDNS:protocol>
          <secDNS:alg>8</secDNS:alg>
          <secDNS:pubKey>AwEAAchObqtQhBlAmwkFeVOjgi3rG3skoTWKOcb7dtnoah1bgpTth6Rkqdp3cQeiHBcuHD5o6YLRgR03okzZGF15TNewAyzt6lQXJnsFdrDGR9Gcvnqy98SnmyBU/2KXZKkX5GaSJ5WGrz5I9VToShdssNbEULcRM38aPtd913PnkfYGYr2g1aPYGPx1NwK36bMNHSbrmZEJDYijPfc/HP2/4Wf74/eUL+q955imeukUFQJa+Ufzb+get4RAVRJ9SH3q/nITzCk/6tu8bWuOMn+oZfUaRq4llTKmmQ2ZDGBC3Uk5E++IfKvgIj6yOQhZbY+PLcN3gj8qYqin 213gwynWKm8=</secDNS:pubKey>
        </keygroup:key>
      </keygroup:create>
    </create>
    <clTRID>create-keygroup</clTRID>
  </command>
</epp>

In case of successful creation, the EPP server responds with a standard EPP response message:

<?xml version="1.0" encoding="UTF-8"?>
<epp xmlns="urn:ietf:params:xml:ns:epp-1.0">
  <response>
    <result code="1000">
      <msg>Command completed successfully</msg>
    </result>
    <trID>
      <clTRID>create-keygroup</clTRID>
      <svTRID>dnsbe-342993</svTRID>
    </trID>
  </response>
</epp>

Note

It is your responsibility to ensure that the content makes sense. It is perfectly possible to create a keygroup in which all keys are the same. The result will be that only 1 key will be linked to the keygroup!
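
A client-side check for the field rules listed above and for the duplicate-key case in this note, as an added example (not DNS Belgium's code). `check_keygroup_create` is a hypothetical helper; it assumes "letters" means ASCII letters and treats two keys as the same when flags, protocol, algorithm and decoded public key all match.

```python
import base64
import binascii
import re
import xml.etree.ElementTree as ET

NS = {"kg": "http://www.dns.be/xml/epp/keygroup-1.0",
      "sec": "urn:ietf:params:xml:ns:secDNS-1.1"}
NAME_RE = re.compile(r"[A-Za-z0-9.-]+")  # assumption: "letters" means ASCII letters
RECOMMENDED_ALGS = {"8", "10", "13", "14", "15", "16"}
MAX_KEYS = 4


def check_keygroup_create(xml_text):
    """Return the list of problems found in a create keygroup request."""
    create = ET.fromstring(xml_text).find(".//kg:create", NS)
    if create is None:
        return ["no keygroup:create element"]
    problems = []
    name = create.findtext("kg:name", "", NS).strip()
    if not NAME_RE.fullmatch(name):
        problems.append("name: only letters, digits, hyphens and dots are allowed")
    keys = create.findall("kg:key", NS)
    if len(keys) > MAX_KEYS:
        problems.append(f"{len(keys)} keys: a keygroup holds at most {MAX_KEYS}")
    seen = {}
    for n, key in enumerate(keys, 1):
        flags, proto, alg, pub = (key.findtext(f"sec:{t}", "", NS).strip()
                                  for t in ("flags", "protocol", "alg", "pubKey"))
        if flags != "257":
            problems.append(f"key {n}: flags must be 257 (KSK)")
        if proto != "3":
            problems.append(f"key {n}: protocol must be 3")
        if alg not in RECOMMENDED_ALGS:
            problems.append(f"key {n}: algorithm {alg or '?'} is not a recommended one")
        try:
            # XML base64 may contain whitespace, so compare keys by decoded bytes.
            raw = base64.b64decode("".join(pub.split()), validate=True)
        except binascii.Error:
            problems.append(f"key {n}: pubKey is not valid base64")
            continue
        ident = (flags, proto, alg, raw)
        if not raw:
            problems.append(f"key {n}: pubKey is empty")
        elif ident in seen:
            problems.append(f"key {n}: duplicate of key {seen[ident]}")
        else:
            seen[ident] = n
    return problems
```

Pass the full request text before sending it; an empty list means none of the checks fired. An algorithm outside the recommended set is reported here even though the page only calls those algorithms recommended.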