Lines Matching defs:ksk
92 {"ksk-rollover", no_argument, NULL, '9'},
93 {"ksk-status", required_argument, NULL, '0'},
94 {"ksk-roll-status", required_argument, NULL, '0'},
95 {"ksk-newkey", required_argument, NULL, '1'},
96 {"ksk-publish", required_argument, NULL, '2'},
97 {"ksk-delkey", required_argument, NULL, '3'},
98 {"ksk-roll-phase1", required_argument, NULL, '1'},
99 {"ksk-roll-phase2", required_argument, NULL, '2'},
100 {"ksk-roll-phase3", required_argument, NULL, '3'},
103 {"ksk", no_argument, NULL, 'k'},
188 case '9': /* ksk rollover help */
191 case '1': /* ksk rollover: create new key */
192 case '2': /* ksk rollover: publish DS */
193 case '3': /* ksk rollover: delete old key */
194 case '0': /* ksk rollover: show current status */
197 usage ("ksk rollover requires an domain argument", config);
262 case 'k': /* ksk only */
385 case '1': /* ksk rollover new key */
386 case '2': /* ksk rollover publish DS */
387 case '3': /* ksk rollover delete old key */
388 case '0': /* ksk rollover status */
450 fprintf (stderr, "('%s -9%s' prints out a short description)\n", progname, loptstr ("|--ksk-rollover", ""));
452 lopt_usage ("\tusage: %s {--ksk-roll-phase1|--ksk-newkey} do.ma.in.\n", progname);
454 lopt_usage ("\tusage: %s {--ksk-roll-phase2|--ksk-publish} do.ma.in.\n", progname);
456 lopt_usage ("\tusage: %s {--ksk-roll-phase3|--ksk-delkey} do.ma.in.\n", progname);
458 lopt_usage ("\tusage: %s {--ksk-roll-status|--ksk-status} do.ma.in.\n", progname);
479 fprintf (stderr, "\t-k%s\t key signing keys only\n", loptstr (", --ksk", "\t"));
518 /* create a new key always in state published, which means "standby" for ksk */
551 int ksk;
557 fprintf (stderr, "-1%s", loptstr ("|--ksk-roll-phase1 (--ksk-newkey)\n", ""));
564 fprintf (stderr, "-2%s", loptstr ("|--ksk-roll-phase2 (--ksk-publish)\n", ""));
571 fprintf (stderr, "-3%s", loptstr ("|--ksk-roll-phase3 (--ksk-delkey)\n", ""));
576 fprintf (stderr, "-0%s", loptstr ("|--ksk-roll-stat (--ksk-status)\n", ""));
585 fatal ("ksk rollover: no domain!");
591 fatal ("ksk rollover: domain %s not found!\n", keyname);
616 ksk = 0; /* count active(!) key signing keys */
622 ksk++;
636 fprintf (stdout, "\t # of active key signing keys %d\n", ksk);
647 if ( parent_exist || ksk > 1 )
648 fatal ("Can\'t create new ksk because there is already an ksk rollover in progress\n");
650 fprintf (stdout, "create new ksk \n");
661 if ( (dkp = (dki_t *)dki_findalgo (keylist, 1, conf->k_algo, 'a', 1)) == NULL ) /* find the oldest active ksk to create the parent file */
668 if ( ksk < 2 )
679 fprintf (stdout, "save new ksk in parent file\n");
680 dkp = keylist->next; /* set dkp to new ksk */
685 if ( !parent_exist || ksk < 2 )
686 fatal ("ksk-delkey only allowed after ksk-publish\n");
697 fprintf (stdout, "old ksk renamed \n");
698 dkp = keylist; /* set dkp to old ksk */