bin/dnssec/dnssec-keyfromlabel.docbook

	dnssec-keyfromlabel.docbook revision 2a31bd531072824ef252c18303859d6af7451b00
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont           [<!ENTITY mdash "&#8212;">]>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<!--
26d8ffe715e74d1e67d268551449b780fec1b95fAutomatic Updater - Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - Copyright (C) 2000-2003  Internet Software Consortium.
db0008c4486414b81e90dca9938e1fc2320e5133Automatic Updater -
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - Permission to use, copy, modify, and distribute this software for any
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - purpose with or without fee is hereby granted, provided that the above
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - copyright notice and this permission notice appear in all copies.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont -
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - PERFORMANCE OF THIS SOFTWARE.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont-->
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<!-- $Id: dnssec-keyfromlabel.docbook,v 1.2 2008/03/31 14:42:50 fdupont Exp $ -->
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<refentry id="man.dnssec-keyfromlabel">
cf58feee56bf1afb8c2909f399a6f1e28d0dbf68Jeremy Reed  <refentryinfo>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <date>february 8, 2008</date>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont  </refentryinfo>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont  <refmeta>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <refentrytitle><application>dnssec-keyfromlabel</application></refentrytitle>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <manvolnum>8</manvolnum>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <refmiscinfo>BIND9</refmiscinfo>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont  </refmeta>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont  <refnamediv>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <refname><application>dnssec-keyfromlabel</application></refname>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <refpurpose>DNSSEC key generation tool</refpurpose>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont  </refnamediv>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont  <docinfo>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <copyright>
26d8ffe715e74d1e67d268551449b780fec1b95fAutomatic Updater      <year>2004</year>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <year>2005</year>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <year>2006</year>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <year>2007</year>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <year>2008</year>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    </copyright>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <copyright>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <year>2000</year>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <year>2001</year>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      <year>2002</year>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <year>2003</year>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      <holder>Internet Software Consortium.</holder>
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont    </copyright>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont  </docinfo>
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt  <refsynopsisdiv>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <cmdsynopsis>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt      <command>dnssec-keyfromlabel</command>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <arg choice="req">-a <replaceable class="parameter">algorithm</replaceable></arg>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      <arg choice="req">-l <replaceable class="parameter">label</replaceable></arg>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <arg><option>-k</option></arg>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <arg choice="req">name</arg>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    </cmdsynopsis>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont  </refsynopsisdiv>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont  <refsect1>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <title>DESCRIPTION</title>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <para><command>dnssec-keyfromlabel</command>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      gets keys with the given label from a crypto hardware and builds
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      key files for DNSSEC (Secure DNS), as defined in RFC 2535
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      and RFC 4034.
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont    </para>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont  </refsect1>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont  <refsect1>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <title>OPTIONS</title>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <variablelist>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <varlistentry>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        Selects the cryptographic algorithm.  The value of
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <option>algorithm</option> must be one of RSAMD5 (RSA)
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        or RSASHA1, DSA or DH (Diffie Hellman).  These values
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont        are case insensitive.
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      </para>
6098d364b690cb9dabf96e9664c4689c8559bd2eMark Andrews          <para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            algorithm, and DSA is recommended.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          </para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          <para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            Note 2: DH automatically sets the -k flag.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          </para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        </listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      </varlistentry>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <varlistentry>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <term>-l <replaceable class="parameter">label</replaceable></term>
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont        <listitem>
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont          <para>
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont            Specifies the label of keys in the crypto hardware
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont            (PKCS#11 device).
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont          </para>
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont        </listitem>
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont      </varlistentry>
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont      <varlistentry>
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont        <term>-n <replaceable class="parameter">nametype</replaceable></term>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          <para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            Specifies the owner type of the key.  The value of
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            <option>nametype</option> must either be ZONE (for a DNSSEC
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont            a host (KEY)),
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            These values are
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            case insensitive.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          </para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        </listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      </varlistentry>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <varlistentry>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <term>-c <replaceable class="parameter">class</replaceable></term>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          <para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            Indicates that the DNS record containing the key should have
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            the specified class.  If not specified, class IN is used.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          </para>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont        </listitem>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      </varlistentry>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      <varlistentry>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont        <term>-f <replaceable class="parameter">flag</replaceable></term>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont        <listitem>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont          <para>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont            Set the specified flag in the flag field of the KEY/DNSKEY record.
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont            The only recognized flag is KSK (Key Signing Key) DNSKEY.
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont          </para>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont        </listitem>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      </varlistentry>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      <varlistentry>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont        <term>-h</term>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont        <listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          <para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            Prints a short summary of the options and arguments to
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            <command>dnssec-keygen</command>.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          </para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        </listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      </varlistentry>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <varlistentry>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <term>-k</term>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          <para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            Generate KEY records rather than DNSKEY records.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          </para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        </listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      </varlistentry>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <varlistentry>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <term>-p <replaceable class="parameter">protocol</replaceable></term>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <listitem>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont          <para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            Sets the protocol value for the generated key.  The protocol
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            is a number between 0 and 255.  The default is 3 (DNSSEC).
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            Other possible values for this argument are listed in
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            RFC 2535 and its successors.
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt          </para>
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt        </listitem>
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt      </varlistentry>
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt      <varlistentry>
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt        <term>-t <replaceable class="parameter">type</replaceable></term>
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt        <listitem>
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt          <para>
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt            Indicates the use of the key.  <option>type</option> must be
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            is AUTHCONF.  AUTH refers to the ability to authenticate
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont            data, and CONF the ability to encrypt data.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          </para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        </listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      </varlistentry>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <varlistentry>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <term>-v <replaceable class="parameter">level</replaceable></term>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          <para>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt            Sets the debugging level.
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt          </para>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt        </listitem>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt      </varlistentry>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt    </variablelist>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt  </refsect1>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt  <refsect1>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <title>GENERATED KEY FILES</title>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      When <command>dnssec-keyfromlabel</command> completes
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      successfully,
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      to the standard output.  This is an identification string for
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      the key files it has generated.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    </para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <itemizedlist>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <para><filename>nnnn</filename> is the key name.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        </para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      </listitem>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      <listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <para><filename>aaa</filename> is the numeric representation
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          of the
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          algorithm.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        </para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      </listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        <para><filename>iiiii</filename> is the key identifier (or
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont          footprint).
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont        </para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      </listitem>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    </itemizedlist>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <para><command>dnssec-keyfromlabel</command>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      creates two files, with names based
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      contains the public key, and
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      <filename>Knnnn.+aaa+iiiii.private</filename> contains the
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      private
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      key.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    </para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      The <filename>.key</filename> file contains a DNS KEY record
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      that
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      can be inserted into a zone file (directly or with a $INCLUDE
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      statement).
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    </para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    <para>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      The <filename>.private</filename> file contains algorithm
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      specific
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      fields.  For obvious security reasons, this file does not have
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont      general read permission.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont    </para>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont  </refsect1>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont  <refsect1>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont    <title>SEE ALSO</title>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont    <para><citerefentry>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      </citerefentry>,
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      <citerefentry>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      </citerefentry>,
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      <citetitle>RFC 2535</citetitle>,
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      <citetitle>RFC 2845</citetitle>,
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont      <citetitle>RFC 2539</citetitle>.
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont    </para>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont  </refsect1>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont  <refsect1>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont    <title>AUTHOR</title>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont    <para><corpauthor>Internet Systems Consortium</corpauthor>
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont    </para>
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt  </refsect1>
b843f577bbcd6660fbaa506d9e55b156c689a5a8Evan Hunt
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont</refentry><!--
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont - Local variables:
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont - mode: sgml
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont - End:
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont-->
1f821c10583d9cddbaf3626a96ff8cf10cdb645bFrancis Dupont