bin/dnssec/dnssec-importkey.html

	dnssec-importkey.html revision 0c91911b4d1e872b87eaf6431ed47fe24d18dd43
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<!--
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews - Copyright (C) 2013 Internet Systems Consortium, Inc. ("ISC")
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews -
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews - Permission to use, copy, modify, and/or distribute this software for any
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews - purpose with or without fee is hereby granted, provided that the above
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews - copyright notice and this permission notice appear in all copies.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews -
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews-->
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<!-- $Id$ -->
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<html>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<head>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<title>dnssec-importkey</title>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews</head>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<a name="man.dnssec-importkey"></a><div class="titlepage"></div>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<div class="refnamediv">
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<h2>Name</h2>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<p><span class="application">dnssec-importkey</span> &#8212; Import DNSKEY records from external systems so they can be managed.</p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews</div>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<div class="refsynopsisdiv">
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<h2>Synopsis</h2>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code>  [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">keyname</code>]</p></div>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews</div>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<div class="refsect1">
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<a name="idp5321760"></a><h2>DESCRIPTION</h2>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<p><span class="command"><strong>dnssec-importkey</strong></span>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      read a DNSKEY record and generated a .key/.private key pair.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      Publication (<code class="option">-P</code>) and deletions (<code class="option">-D</code>)
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      times can be set for the key.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews    </p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews</div>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<div class="refsect1">
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<a name="idp5324080"></a><h2>OPTIONS</h2>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<div class="variablelist"><dl class="variablelist">
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dd><p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews        Filename to read the key from.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      </p></dd>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dd><p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            Sets the directory in which the key files are to reside.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews          </p></dd>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dd><p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            Sets the default TTL to use for this key when it is converted
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            into a DNSKEY RR.  If the key is imported into a zone,
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            this is the TTL that will be used for it, unless there was
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            already a DNSKEY RRset in place, in which case the existing TTL
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            would take precedence.  importkey the default TTL to
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            <code class="literal">0</code> or <code class="literal">none</code> removes it.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews          </p></dd>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dt><span class="term">-h</span></dt>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dd><p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews        Emit usage message and exit.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      </p></dd>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dd><p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            Sets the debugging level.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews          </p></dd>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews</dl></div>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews</div>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<div class="refsect1">
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<a name="idp5336224"></a><h2>TIMING OPTIONS</h2>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      If the argument begins with a '+' or '-', it is interpreted as
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      an offset from the present time.  For convenience, if such an offset
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      then the offset is computed in years (defined as 365 24-hour days,
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      ignoring leap years), months (defined as 30 24-hour days), weeks,
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      days, hours, or minutes, respectively.  Without a suffix, the offset
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      is computed in seconds.  To unset a date, use 'none'.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews    </p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<div class="variablelist"><dl class="variablelist">
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dd><p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            Sets the date on which a key is to be published to the zone.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            After that date, the key will be included in the zone but will
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            not be used to sign it.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews          </p></dd>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<dd><p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            Sets the date on which the key is to be deleted.  After that
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            date, the key will no longer be included in the zone.  (It
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews            may remain in the key repository, however.)
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews          </p></dd>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews</dl></div>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews</div>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<div class="refsect1">
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<a name="idp5342816"></a><h2>SEE ALSO</h2>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews      <em class="citetitle">RFC 5011</em>.
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews    </p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews</div>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<div class="refsect1">
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<a name="idp5346704"></a><h2>AUTHOR</h2>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews<p><span class="corpauthor">Internet Systems Consortium</span>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews    </p>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews</div>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews</div></body>
0c91911b4d1e872b87eaf6431ed47fe24d18dd43Mark Andrews</html>