dnssec-importkey.docbook revision 19c7b1a0293498a3e36692c59646ed6e15ffc8d0
c63ebf815c8a874525cf18670ad74847f7fc7b26Christian Maeder - Copyright (C) 2013-2015 Internet Systems Consortium, Inc. ("ISC")
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder - Permission to use, copy, modify, and/or distribute this software for any
456238178f89e5a3de2988ee6c8af924297d52d9Christian Maeder - purpose with or without fee is hereby granted, provided that the above
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder - copyright notice and this permission notice appear in all copies.
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
43b4c41fbb07705c9df321221ab9cb9832460407Christian Maeder - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
f4a2a20e49f41b2afa657e5e64d9e349c7faa091Christian Maeder - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
f2f9df2e17e70674f0bf426ed1763c973ee4cde0Christian Maeder - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
c9a7e6af169a2adfb92f42331cd578065ed83a2bChristian Maeder - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
c9a7e6af169a2adfb92f42331cd578065ed83a2bChristian Maeder - PERFORMANCE OF THIS SOFTWARE.
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder<!-- Converted by db4-upgrade version 1.0 -->
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-importkey">
b1f59a4ea7c96f4c03a4d7cfcb9c5e66871cfbbbChristian Maeder <refentryinfo>
404166b9366552e9ec5abb87a37c76ec8a815fb7Klaus Luettich <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder </refentryinfo>
ef9e8535c168d3f774d9e74368a2317a9eda5826Christian Maeder <refentrytitle><application>dnssec-importkey</application></refentrytitle>
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder <refname><application>dnssec-importkey</application></refname>
3dde4051c307b609159a097f08a05108fdd036efJonathan von Schroeder <refpurpose>Import DNSKEY records from external systems so they can be managed.</refpurpose>
3dde4051c307b609159a097f08a05108fdd036efJonathan von Schroeder <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
3dde4051c307b609159a097f08a05108fdd036efJonathan von Schroeder <refsynopsisdiv>
8b767d09a78927b111f5596fdff9ca7d2c1a439fChristian Maeder <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
8b767d09a78927b111f5596fdff9ca7d2c1a439fChristian Maeder <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
8b767d09a78927b111f5596fdff9ca7d2c1a439fChristian Maeder <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
8b767d09a78927b111f5596fdff9ca7d2c1a439fChristian Maeder <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
456238178f89e5a3de2988ee6c8af924297d52d9Christian Maeder <arg choice="opt" rep="norepeat"><option>-h</option></arg>
d54cd08a4cfa26256c38d8ed12c343adbfe1a0e3Christian Maeder <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
308834907a120fd8771e18292ed2ca9cd767c12dChristian Maeder <arg choice="opt" rep="norepeat"><option>-V</option></arg>
bab2d88d650448628730ed3b65c9f99c52500e8cChristian Maeder <arg choice="req" rep="norepeat"><option>keyfile</option></arg>
1f9274bb2aa44ea236327814dce99946be52e348Felix Gabriel Mance </cmdsynopsis>
a7c27282e71cf4505026645f96d4f5cb8a284e32Christian Maeder <arg choice="req" rep="norepeat"><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
363939beade943a02b31004cea09dec34fa8a6d9Christian Maeder <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
014dc30f64ec25e4790cca987d4d1e6635430510Christian Maeder <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
f04e8f3ff56405901be968fd4c6e9769239f1a9bKlaus Luettich <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
6aea82c63ba1d2efc0329bc784a14e521469ec20Christian Maeder <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
4ba08bfca0cc8d9da65397b8dfd2654fdb4c0e62Christian Maeder <arg choice="opt" rep="norepeat"><option>-h</option></arg>
feca1d35123d8c31aee238c9ce79947b0bf65494Christian Maeder <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
431d34c7007a787331c4e5ec997badb0f8190fc7Christian Maeder <arg choice="opt" rep="norepeat"><option>-V</option></arg>
f1541d4a151dbd08002dbd14e7eb1d5dde253689Christian Maeder <arg choice="opt" rep="norepeat"><option>dnsname</option></arg>
f5c0884429b01e74c6e658ded921fb2e16dfb478Christian Maeder </cmdsynopsis>
db675e8302ddb0d6528088ce68f5e98a00e890e3Christian Maeder </refsynopsisdiv>
6dc9bc98d0854fe2e3dd3bfc4275096a0c28ee1cChristian Maeder <refsection><info><title>DESCRIPTION</title></info>
23ffcc44ca8612feccbd8fda63fa5be7ab5f9dc3Christian Maeder <application>dnssec-importkey</application> reads a public DNSKEY record and generates a pair of
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maeder .key/.private files. The DNSKEY record may be read from an
c0c2380bced8159ff0297ece14eba948bd236471Christian Maeder existing .key file, in which case a corresponding .private file
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder will be generated, or it may be read from any other file or
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder from the standard input, in which case both .key and .private
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder files will be generated.
9e748851c150e1022fb952bab3315e869aaf0214Christian Maeder The newly-created .private file does <emphasis>not</emphasis>
6a79849bed67264c396dddb3e9c184bdfc1a1bc9Christian Maeder contain private key data, and cannot be used for signing.
ca074a78b8dcccbb8c419586787882f98d0c6163Christian Maeder However, having a .private file makes it possible to set
a3c6d8e0670bf2aa71bc8e2a3b1f45d56dd65e4cChristian Maeder publication (<option>-P</option>) and deletion
dc679edd4ca027663212afdf00926ae2ce19b555Christian Maeder (<option>-D</option>) times for the key, which means the
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder public key can be added to and removed from the DNSKEY RRset
ca074a78b8dcccbb8c419586787882f98d0c6163Christian Maeder on schedule even if the true private key is stored offline.
ca074a78b8dcccbb8c419586787882f98d0c6163Christian Maeder </refsection>
ca074a78b8dcccbb8c419586787882f98d0c6163Christian Maeder <refsection><info><title>OPTIONS</title></info>
ca074a78b8dcccbb8c419586787882f98d0c6163Christian Maeder <variablelist>
0be0db405c49906bd7057255069bf6df53395ac9Klaus Luettich <varlistentry>
ca074a78b8dcccbb8c419586787882f98d0c6163Christian Maeder <term>-f <replaceable class="parameter">filename</replaceable></term>
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder Zone file mode: instead of a public keyfile name, the argument
f2f9df2e17e70674f0bf426ed1763c973ee4cde0Christian Maeder is the DNS domain name of a zone, whose master file is read
d946c1bfdd7d58aa7c023efe864d5999eb44a61bChristian Maeder from <option>filename</option>. If the domain name is the same as
d946c1bfdd7d58aa7c023efe864d5999eb44a61bChristian Maeder <option>filename</option>, then it may be omitted.
d946c1bfdd7d58aa7c023efe864d5999eb44a61bChristian Maeder If <option>filename</option> is set to <literal>"-"</literal>, then
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder the zone data is read from the standard input.
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder </varlistentry>
ca074a78b8dcccbb8c419586787882f98d0c6163Christian Maeder <varlistentry>
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder <term>-K <replaceable class="parameter">directory</replaceable></term>
ca074a78b8dcccbb8c419586787882f98d0c6163Christian Maeder Sets the directory in which the key files are to reside.
f1541d4a151dbd08002dbd14e7eb1d5dde253689Christian Maeder </varlistentry>
d946c1bfdd7d58aa7c023efe864d5999eb44a61bChristian Maeder <varlistentry>
e6d5dbbc3308f05197868806e0b860f4f53875f1Christian Maeder <term>-L <replaceable class="parameter">ttl</replaceable></term>
eb74267cf39e4e95f9eeb5c765f4c8dac33971b4Christian Maeder Sets the default TTL to use for this key when it is converted
eb74267cf39e4e95f9eeb5c765f4c8dac33971b4Christian Maeder into a DNSKEY RR. If the key is imported into a zone,
e4f4d096e5e6d60dd91c746d0e833d0ac7a29c50Christian Maeder this is the TTL that will be used for it, unless there was
61fa0ac06ede811c7aad54ec4c4202346727368eChristian Maeder already a DNSKEY RRset in place, in which case the existing TTL
456238178f89e5a3de2988ee6c8af924297d52d9Christian Maeder would take precedence. Setting the default TTL to
f1541d4a151dbd08002dbd14e7eb1d5dde253689Christian Maeder <literal>0</literal> or <literal>none</literal> removes it.
6cd33d6101fb1b93baa6d86fac158af18a115108Christian Maeder </varlistentry>
6cd33d6101fb1b93baa6d86fac158af18a115108Christian Maeder <varlistentry>
59138b404f12352d103eeffbeaeb3957b90e75fdChristian Maeder <term>-h</term> Emit usage message and exit.
7d0ee72ee91ec305408688b969c43f07b9667c80Christian Maeder </varlistentry>
456238178f89e5a3de2988ee6c8af924297d52d9Christian Maeder <varlistentry>
456238178f89e5a3de2988ee6c8af924297d52d9Christian Maeder <term>-v <replaceable class="parameter">level</replaceable></term>
5191fa24c532d1f67e7a642e9aece65efb8a0975Christian Maeder Sets the debugging level.
f1a913f880e409e7327b5deae95738b5448379a1Christian Maeder </varlistentry>
14c56dc499da4bbeaeebeb558ceb755150ae341cChristian Maeder <varlistentry>
456238178f89e5a3de2988ee6c8af924297d52d9Christian Maeder <term>-V</term> Prints version information.
93f5b72fdb9ee734caa750b43dd79bbb590dcd73Christian Maeder </varlistentry>
328a85c807f2a95c3f147d10b05927eaf862ebebChristian Maeder </variablelist>
308834907a120fd8771e18292ed2ca9cd767c12dChristian Maeder </refsection>
254df6f22d01eacf7c57b85729e0445747b630d9Christian Maeder <refsection><info><title>TIMING OPTIONS</title></info>
5b818f10e11fc79def1fdd5c8a080d64a6438d87Christian Maeder Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix Reckers If the argument begins with a '+' or '-', it is interpreted as
456238178f89e5a3de2988ee6c8af924297d52d9Christian Maeder an offset from the present time. For convenience, if such an offset
819e29dba060687cf391e444e0f6ff88c1908cc3Christian Maeder is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder then the offset is computed in years (defined as 365 24-hour days,
63f0e65a37b95621334db9ee4ba0cd9d826f5c0fChristian Maeder ignoring leap years), months (defined as 30 24-hour days), weeks,
140287998aa8592c9c403bd9e308e447ba92ae11Christian Maeder days, hours, or minutes, respectively. Without a suffix, the offset
c208973c890b8f993297720fd0247bc7481d4304Christian Maeder is computed in seconds. To explicitly prevent a date from being
0d0278c34a374b29c2d6c58b39b8b56e283d48e8Christian Maeder set, use 'none' or 'never'.
8b0f493ae42bad8b94918cc0957f1af57096cda4Felix Reckers <variablelist>
456238178f89e5a3de2988ee6c8af924297d52d9Christian Maeder <varlistentry>
9e748851c150e1022fb952bab3315e869aaf0214Christian Maeder <term>-P <replaceable class="parameter">date/offset</replaceable></term>
456238178f89e5a3de2988ee6c8af924297d52d9Christian Maeder Sets the date on which a key is to be published to the zone.
383aa66e5142365fe9b1f88b18c1da5b27cc8c04Christian Maeder After that date, the key will be included in the zone but will
383aa66e5142365fe9b1f88b18c1da5b27cc8c04Christian Maeder not be used to sign it.
3554301a34639efb6c9961a8571775d0061284c9Christian Maeder </varlistentry>
383aa66e5142365fe9b1f88b18c1da5b27cc8c04Christian Maeder <varlistentry>
aded505f9b42cc38975559c2a5d175ae95de436bChristian Maeder <term>-D <replaceable class="parameter">date/offset</replaceable></term>
aded505f9b42cc38975559c2a5d175ae95de436bChristian Maeder Sets the date on which the key is to be deleted. After that
aded505f9b42cc38975559c2a5d175ae95de436bChristian Maeder date, the key will no longer be included in the zone. (It
aded505f9b42cc38975559c2a5d175ae95de436bChristian Maeder may remain in the key repository, however.)
a14767aeac3e78ed100f5b75e210ba563ee10dbaChristian Maeder </varlistentry>
a14767aeac3e78ed100f5b75e210ba563ee10dbaChristian Maeder </variablelist>
d23b0cc79c0d204e6ec758dff8d0ba71c9f693f7Christian Maeder </refsection>
d23b0cc79c0d204e6ec758dff8d0ba71c9f693f7Christian Maeder <refsection><info><title>FILES</title></info>
54ea981a0503c396c2923a1c06421c6235baf27fChristian Maeder A keyfile can be designated by the key identification
697e63e30aa3c309a1ef1f9357745111f8dfc5a9Christian Maeder <filename>Knnnn.+aaa+iiiii</filename> or the full file name
aded505f9b42cc38975559c2a5d175ae95de436bChristian Maeder <filename>Knnnn.+aaa+iiiii.key</filename> as generated by
697e63e30aa3c309a1ef1f9357745111f8dfc5a9Christian Maeder <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
aded505f9b42cc38975559c2a5d175ae95de436bChristian Maeder </refsection>
819e29dba060687cf391e444e0f6ff88c1908cc3Christian Maeder <refsection><info><title>SEE ALSO</title></info>
d23b0cc79c0d204e6ec758dff8d0ba71c9f693f7Christian Maeder <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
254df6f22d01eacf7c57b85729e0445747b630d9Christian Maeder </citerefentry>,
d23b0cc79c0d204e6ec758dff8d0ba71c9f693f7Christian Maeder <citerefentry>
d23b0cc79c0d204e6ec758dff8d0ba71c9f693f7Christian Maeder <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
254df6f22d01eacf7c57b85729e0445747b630d9Christian Maeder </citerefentry>,
d23b0cc79c0d204e6ec758dff8d0ba71c9f693f7Christian Maeder <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
d23b0cc79c0d204e6ec758dff8d0ba71c9f693f7Christian Maeder </refsection>