dnssec-importkey.docbook revision 0c27b3fe77ac1d5094ba3521e8142d9e7973133f
220a21d38f675eb835f5758e3d23e896573aa5eaLennart Poettering - Copyright (C) 2013-2016 Internet Systems Consortium, Inc. ("ISC")
11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann - This Source Code Form is subject to the terms of the Mozilla Public
11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann - License, v. 2.0. If a copy of the MPL was not distributed with this
11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann - file, You can obtain one at http://mozilla.org/MPL/2.0/.
11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann<!-- Converted by db4-upgrade version 1.0 -->
11811e856b0c63439d45edc9c9834ad427e1bb6aDavid Herrmann<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-importkey">
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann <refentryinfo>
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
01608bc86a104423d192364f9534b83d0c75db7fKay Sievers </refentryinfo>
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann <refentrytitle><application>dnssec-importkey</application></refentrytitle>
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack <refnamediv>
37d54b938faeefd0a5a74f9197a33d78bbb8d6bfDaniel Mack <refname><application>dnssec-importkey</application></refname>
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack <refpurpose>import DNSKEY records from external systems so they can be managed</refpurpose>
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack </refnamediv>
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack </copyright>
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack <refsynopsisdiv>
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
931618d08c64083ff7b29c494f482c40a5b05608Daniel Mack <arg choice="opt" rep="norepeat"><option>-P sync <replaceable class="parameter">date/offset</replaceable></option></arg>
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
f5f113f66692abaf72e83698cb7b4f3690b90cf8David Herrmann <arg choice="opt" rep="norepeat"><option>-D sync <replaceable class="parameter">date/offset</replaceable></option></arg>
f5f113f66692abaf72e83698cb7b4f3690b90cf8David Herrmann <arg choice="opt" rep="norepeat"><option>-h</option></arg>
f5f113f66692abaf72e83698cb7b4f3690b90cf8David Herrmann <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann <arg choice="opt" rep="norepeat"><option>-V</option></arg>
01608bc86a104423d192364f9534b83d0c75db7fKay Sievers <arg choice="req" rep="norepeat"><option>keyfile</option></arg>
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann </cmdsynopsis>
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann <arg choice="req" rep="norepeat"><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann <arg choice="opt" rep="norepeat"><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann <arg choice="opt" rep="norepeat"><option>-P sync <replaceable class="parameter">date/offset</replaceable></option></arg>
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann <arg choice="opt" rep="norepeat"><option>-D <replaceable class="parameter">date/offset</replaceable></option></arg>
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann <arg choice="opt" rep="norepeat"><option>-D sync <replaceable class="parameter">date/offset</replaceable></option></arg>
e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann <arg choice="opt" rep="norepeat"><option>-h</option></arg>
e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann <arg choice="opt" rep="norepeat"><option>-V</option></arg>
e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann <arg choice="opt" rep="norepeat"><option>dnsname</option></arg>
e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann </cmdsynopsis>
e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann </refsynopsisdiv>
e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann <refsection><info><title>DESCRIPTION</title></info>
e4e66993951e9e349e8008fa7c81184b6e4ae385David Herrmann reads a public DNSKEY record and generates a pair of
e57eaef8a187762ca92838c24b9b6460878a800cDavid Herrmann .key/.private files. The DNSKEY record may be read from an
0db83ad7334809a6605501e24bad55f3b652c072David Herrmann existing .key file, in which case a corresponding .private file
5541c88977e63215e74b7517fb33cb27e5a04f17David Herrmann will be generated, or it may be read from any other file or
861b02ebd6ec997a6880824960ba8903bac74f7dKay Sievers from the standard input, in which case both .key and .private
861b02ebd6ec997a6880824960ba8903bac74f7dKay Sievers files will be generated.
861b02ebd6ec997a6880824960ba8903bac74f7dKay Sievers The newly-created .private file does <emphasis>not</emphasis>
861b02ebd6ec997a6880824960ba8903bac74f7dKay Sievers contain private key data, and cannot be used for signing.
0db83ad7334809a6605501e24bad55f3b652c072David Herrmann However, having a .private file makes it possible to set
0db83ad7334809a6605501e24bad55f3b652c072David Herrmann publication (<option>-P</option>) and deletion
0db83ad7334809a6605501e24bad55f3b652c072David Herrmann (<option>-D</option>) times for the key, which means the
0db83ad7334809a6605501e24bad55f3b652c072David Herrmann public key can be added to and removed from the DNSKEY RRset
0db83ad7334809a6605501e24bad55f3b652c072David Herrmann on schedule even if the true private key is stored offline.
0db83ad7334809a6605501e24bad55f3b652c072David Herrmann </refsection>
5541c88977e63215e74b7517fb33cb27e5a04f17David Herrmann <refsection><info><title>OPTIONS</title></info>
9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack <variablelist>
9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack <varlistentry>
9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack <term>-f <replaceable class="parameter">filename</replaceable></term>
9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack Zone file mode: instead of a public keyfile name, the argument
9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack is the DNS domain name of a zone master file, which can be read
9b361114f568e839784a3aeba5c1df5a95e86832Daniel Mack from <option>file</option>. If the domain name is the same as
0db83ad7334809a6605501e24bad55f3b652c072David Herrmann <option>file</option>, then it may be omitted.
0db83ad7334809a6605501e24bad55f3b652c072David Herrmann If <option>file</option> is set to <literal>"-"</literal>, then
5541c88977e63215e74b7517fb33cb27e5a04f17David Herrmann the zone data is read from the standard input.
0db83ad7334809a6605501e24bad55f3b652c072David Herrmann </varlistentry>
2d1ca11270e66777c90a449096203afebc37ec9cDavid Herrmann <varlistentry>
0db83ad7334809a6605501e24bad55f3b652c072David Herrmann <term>-K <replaceable class="parameter">directory</replaceable></term>
0f0467e63b0e0688ae9edb1512c1a2637d62ddb4Martin Pitt Sets the directory in which the key files are to reside.
5f92d24fa85d6652c4754e3b3b2a3393026bd0b9Kay Sievers </varlistentry>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <varlistentry>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <term>-L <replaceable class="parameter">ttl</replaceable></term>
0aee49d5fba2b2ec94e5c069d937004858a04b4fThomas Hindoe Paaboel Andersen Sets the default TTL to use for this key when it is converted
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering into a DNSKEY RR. If the key is imported into a zone,
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering this is the TTL that will be used for it, unless there was
5f92d24fa85d6652c4754e3b3b2a3393026bd0b9Kay Sievers already a DNSKEY RRset in place, in which case the existing TTL
0f0467e63b0e0688ae9edb1512c1a2637d62ddb4Martin Pitt would take precedence. Setting the default TTL to
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <literal>0</literal> or <literal>none</literal> removes it.
c65514649680e5d5ee6a118db6e5b20438cb1710Ronny Chevalier </varlistentry>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <varlistentry>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering Emit usage message and exit.
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering </varlistentry>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <varlistentry>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <term>-v <replaceable class="parameter">level</replaceable></term>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering Sets the debugging level.
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering </varlistentry>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <varlistentry>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering Prints version information.
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering </varlistentry>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering </variablelist>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <refsection><info><title>TIMING OPTIONS</title></info>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering If the argument begins with a '+' or '-', it is interpreted as
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering an offset from the present time. For convenience, if such an offset
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering then the offset is computed in years (defined as 365 24-hour days,
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering ignoring leap years), months (defined as 30 24-hour days), weeks,
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering days, hours, or minutes, respectively. Without a suffix, the offset
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering is computed in seconds. To explicitly prevent a date from being
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering set, use 'none' or 'never'.
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <variablelist>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <varlistentry>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <term>-P <replaceable class="parameter">date/offset</replaceable></term>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering Sets the date on which a key is to be published to the zone.
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering After that date, the key will be included in the zone but will
b912e251812bb65bed1d545d9748f5b0918f1559Lennart Poettering not be used to sign it.
b912e251812bb65bed1d545d9748f5b0918f1559Lennart Poettering </varlistentry>
470e72d4081c7d0fd74666b7a45358d5ee2abee1Lennart Poettering <varlistentry>
b912e251812bb65bed1d545d9748f5b0918f1559Lennart Poettering <term>-P sync <replaceable class="parameter">date/offset</replaceable></term>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Sets the date on which CDS and CDNSKEY records that match this
f7a73a2558bceffd983eb7642680e718cd981122David Herrmann key are to be published to the zone.
f7a73a2558bceffd983eb7642680e718cd981122David Herrmann </varlistentry>
f7a73a2558bceffd983eb7642680e718cd981122David Herrmann <varlistentry>
f7a73a2558bceffd983eb7642680e718cd981122David Herrmann <term>-D <replaceable class="parameter">date/offset</replaceable></term>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Sets the date on which the key is to be deleted. After that
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering date, the key will no longer be included in the zone. (It
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering may remain in the key repository, however.)
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering </varlistentry>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <varlistentry>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <term>-D sync <replaceable class="parameter">date/offset</replaceable></term>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering Sets the date on which the CDS and CDNSKEY records that match
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering this key are to be deleted.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering </varlistentry>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering </variablelist>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <refsection><info><title>FILES</title></info>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering A keyfile can be designed by the key identification
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <filename>Knnnn.+aaa+iiiii</filename> or the full file name
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <filename>Knnnn.+aaa+iiiii.key</filename> as generated by
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <refsection><info><title>SEE ALSO</title></info>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering </citerefentry>,
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <citerefentry>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering </citerefentry>,
481a0aa2c9803a62cda413b8a1d05571957bb4b5Lennart Poettering <citetitle>BIND 9 Administrator Reference Manual</citetitle>,