How to Store an AuthInfo

If a domain holder wants to transfer their domain to another provider, they request their current provider to obtain an authenticating password, the so-called AuthInfo. The provider creates an “encrypted” version of the AuthInfo (a so-called hash) and transmits this hash to DENIC. If the provider is not a member of DENIC, the AuthInfo is stored via a DENIC member with whom the provider cooperates. Passing on the password as a hash is another security feature of AuthInfo transmission. DENIC stores the AuthInfo in its database in encrypted form. The Registry does not know the cleartext password.

The length of the AuthInfo must be between 8 and 16 characters. Permitted characters for the AuthInfo are:

A, B, C, D, E‚ F, G, H, J, K, L, M, N, P, Q, R, S, T, U, V, W, X, Y, Z

a, b, c, d, e, f, g, h, i, j, k, m, n, p, q, r, s, t, u, v, w, x, y, z

2, 3, 4, 5, 6, 7, 8, 9

+, -, /, *

Not permitted characters:

I (uppercase i), l lowercase l), O (uppercase o), o (lowercase o) and 0 (zero) and 1

Another additional security feature is the limited term of validity of the AuthInfo. After a maximum of 30 days, it becomes invalid and can no longer be used to carry out a provider change. A new AuthInfo must now be stored before a provider change can be executed.
If the domain holder cannot ask their current provider to request an AuthInfo at DENIC - e.g. because the provider no longer exists or the domain holder cannot reach the provider - they also may obtain a provider change password directly from DENIC. In that case, the domain holder contacts the provider who is going to administer the domain in the future. Unless this provider is a DENIC member due to their relation with a member of the Cooperative, the provider initiates the generation of an AuthInfo directly at DENIC. DENIC then sends the AuthInfo it has generated to the domain holder by registered letter. The letter is addressed to the address recorded in the database. In case of domain holders that are not resident in Germany, the letter is addressed to the Admin-C in Germany in order to avoid long delivery times and to guarantee safe delivery. Parallel to these actions, DENIC records the generated AuthInfo in its database in form of a hash. The domain holder now communicates the AuthInfo to the provider who will administer the domain in the future, and the new provider starts the provider change by submitting the AuthInfo to DENIC.
The illustrations following below explain the two options how to store an AuthInfo with DENIC: