dnssec-importkey.docbook revision 6b0434299b05b6ca05c6836b9e8fbb7e67f05fb8
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 [<!ENTITY mdash "—">]>
 - Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<!-- $Id: dnssec-importkey.docbook,v 1.15 2011/11/03 20:21:37 each Exp $ -->
<refentryinfo>
</refentryinfo>
<refentrytitle><application>dnssec-importkey</application></refentrytitle>
<refnamediv>
<refname><application>dnssec-importkey</application></refname>
<refpurpose>Import DNSKEY records from external systems so they can be managed.</refpurpose>
</refnamediv>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<refsynopsisdiv>
<cmdsynopsis>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
<arg choice="req"><option>keyfile</option></arg>
</cmdsynopsis>
<cmdsynopsis>
<arg choice="req"><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
<arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<command>dnssec-importkey</command>
reads a public DNSKEY record and generates a pair of
.key/.private files. The DNSKEY record may be read from an
existing .key file, in which case a corresponding .private file
will be generated, or it may be read from any other file or
from the standard input, in which case both .key and .private
files will be generated.
The newly-created .private file does <emphasis>not</emphasis>
contain private key data, and cannot be used for signing.
However, having a .private file makes it possible to set
publication (<option>-P</option>) and deletion
(<option>-D</option>) times for the key, which means the
public key can be added to and removed from the DNSKEY RRset
on schedule even if the true private key is stored offline.
<variablelist>
<varlistentry>
<term>-f <replaceable class="parameter">filename</replaceable></term>
Zone file mode: instead of a public keyfile name, the argument
is the DNS domain name of a zone master file, which can be read
from <option>file</option>. If the domain name is the same as
If <option>file</option> is set to <literal>"-"</literal>, then
the zone data is read from the standard input.
</varlistentry>
<varlistentry>
<term>-K <replaceable class="parameter">directory</replaceable></term>
Sets the directory in which the key files are to reside.
</varlistentry>
<varlistentry>
<term>-L <replaceable class="parameter">ttl</replaceable></term>
Sets the default TTL to use for this key when it is converted
into a DNSKEY RR. If the key is imported into a zone,
this is the TTL that will be used for it, unless there was
already a DNSKEY RRset in place, in which case the existing TTL
would take precedence. Setting the default TTL to
<literal>0</literal> or <literal>none</literal> removes it.
</varlistentry>
<varlistentry>
Emit usage message and exit.
</varlistentry>
<varlistentry>
<term>-v <replaceable class="parameter">level</replaceable></term>
Sets the debugging level.
</varlistentry>
</variablelist>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
an offset from the present time. For convenience, if such an offset
is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
is computed in seconds. To unset a date, use 'none'.
<variablelist>
<varlistentry>
<term>-P <replaceable class="parameter">date/offset</replaceable></term>
Sets the date on which a key is to be published to the zone.
After that date, the key will be included in the zone but will
not be used to sign it.
</varlistentry>
<varlistentry>
<term>-D <replaceable class="parameter">date/offset</replaceable></term>
Sets the date on which the key is to be deleted. After that
date, the key will no longer be included in the zone. (It
may remain in the key repository, however.)
</varlistentry>
</variablelist>
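Added example, not part of the original page or of BIND: a Python model of the date/offset rules and the -P/-D schedule described above, showing that "+3mo" means 90 days rather than three calendar months. The function names, the fixed "present time" and the UTC reading of absolute dates are assumptions of this sketch.

```python
import re
from datetime import datetime, timedelta, timezone

# Seconds per suffix as the page defines them: a year is 365 days, a month 30 days.
UNITS = {"y": 365 * 86400, "mo": 30 * 86400, "w": 7 * 86400,
         "d": 86400, "h": 3600, "mi": 60, None: 1}
OFFSET = re.compile(r"([+-])([0-9]+)(y|mo|w|d|h|mi)?")
ABSOLUTE = {8: "%Y%m%d", 14: "%Y%m%d%H%M%S"}


def parse_when(arg, now):
    """Resolve a -P/-D style argument to a datetime; 'none' gives None."""
    if arg == "none":
        return None
    m = OFFSET.fullmatch(arg)
    if m:
        sign, count, unit = m.groups()
        delta = timedelta(seconds=int(count) * UNITS[unit])
        return now + delta if sign == "+" else now - delta
    if arg.isascii() and arg.isdigit() and len(arg) in ABSOLUTE:
        # Assumption: absolute dates are read as UTC.
        parsed = datetime.strptime(arg, ABSOLUTE[len(arg)])
        return parsed.replace(tzinfo=timezone.utc)
    raise ValueError(f"not a date/offset: {arg!r}")


def in_dnskey_rrset(publish, delete, at):
    """Model of the schedule: in the zone from the -P time until the -D time.

    Assumptions of this sketch: an unset publication time means not
    published, and both boundaries take effect at the stated instant.
    """
    if publish is None or at < publish:
        return False
    return delete is None or at < delete


if __name__ == "__main__":
    now = datetime(2024, 1, 1, tzinfo=timezone.utc)  # constructed "present time"
    publish, delete = parse_when("+1w", now), parse_when("+3mo", now)
    print("publish:", publish, "delete:", delete)  # delete is 90 days out
    for probe in ("+6d", "+2mo", "+90d"):
        at = parse_when(probe, now)
        print(probe, "->", in_dnskey_rrset(publish, delete, at))
```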
A keyfile can be designated by the key identification
<filename>Knnnn.+aaa+iiiii</filename> or the full file name
<filename>Knnnn.+aaa+iiiii.key</filename> as generated by
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<para><corpauthor>Internet Systems Consortium</corpauthor>