bin/dnssec/dnssec-keyfromlabel.docbook

	dnssec-keyfromlabel.docbook revision 6098d364b690cb9dabf96e9664c4689c8559bd2e
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews           [<!ENTITY mdash "&#8212;">]>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<!--
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - Copyright (C) 2008  Internet Systems Consortium, Inc. ("ISC")
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews -
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - Permission to use, copy, modify, and/or distribute this software for any
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - purpose with or without fee is hereby granted, provided that the above
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - copyright notice and this permission notice appear in all copies.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews -
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - PERFORMANCE OF THIS SOFTWARE.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews-->
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<!-- $Id: dnssec-keyfromlabel.docbook,v 1.4 2008/09/24 02:46:21 marka Exp $ -->
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews<refentry id="man.dnssec-keyfromlabel">
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  <refentryinfo>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <date>february 8, 2008</date>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  </refentryinfo>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  <refmeta>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <refentrytitle><application>dnssec-keyfromlabel</application></refentrytitle>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <manvolnum>8</manvolnum>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <refmiscinfo>BIND9</refmiscinfo>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  </refmeta>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  <refnamediv>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <refname><application>dnssec-keyfromlabel</application></refname>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <refpurpose>DNSSEC key generation tool</refpurpose>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  </refnamediv>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  <docinfo>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <copyright>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <year>2008</year>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    </copyright>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  </docinfo>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  <refsynopsisdiv>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <cmdsynopsis>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <command>dnssec-keyfromlabel</command>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <arg choice="req">-a <replaceable class="parameter">algorithm</replaceable></arg>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <arg choice="req">-l <replaceable class="parameter">label</replaceable></arg>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <arg><option>-k</option></arg>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <arg choice="req">name</arg>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    </cmdsynopsis>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  </refsynopsisdiv>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  <refsect1>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <title>DESCRIPTION</title>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <para><command>dnssec-keyfromlabel</command>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      gets keys with the given label from a crypto hardware and builds
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      key files for DNSSEC (Secure DNS), as defined in RFC 2535
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      and RFC 4034.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  </refsect1>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  <refsect1>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <title>OPTIONS</title>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <variablelist>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        Selects the cryptographic algorithm.  The value of
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <option>algorithm</option> must be one of RSAMD5 (RSA)
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman).
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        These values are case insensitive.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            algorithm, and DSA is recommended.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            Note 2: DH automatically sets the -k flag.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <term>-l <replaceable class="parameter">label</replaceable></term>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            Specifies the label of keys in the crypto hardware
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            (PKCS#11 device).
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <term>-n <replaceable class="parameter">nametype</replaceable></term>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            Specifies the owner type of the key.  The value of
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            <option>nametype</option> must either be ZONE (for a DNSSEC
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            a host (KEY)),
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            These values are
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            case insensitive.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <term>-c <replaceable class="parameter">class</replaceable></term>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            Indicates that the DNS record containing the key should have
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            the specified class.  If not specified, class IN is used.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <term>-f <replaceable class="parameter">flag</replaceable></term>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            Set the specified flag in the flag field of the KEY/DNSKEY record.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            The only recognized flag is KSK (Key Signing Key) DNSKEY.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <term>-h</term>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            Prints a short summary of the options and arguments to
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            <command>dnssec-keygen</command>.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <term>-k</term>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            Generate KEY records rather than DNSKEY records.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <term>-p <replaceable class="parameter">protocol</replaceable></term>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            Sets the protocol value for the generated key.  The protocol
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            is a number between 0 and 255.  The default is 3 (DNSSEC).
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            Other possible values for this argument are listed in
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            RFC 2535 and its successors.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <term>-t <replaceable class="parameter">type</replaceable></term>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            Indicates the use of the key.  <option>type</option> must be
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            is AUTHCONF.  AUTH refers to the ability to authenticate
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            data, and CONF the ability to encrypt data.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <term>-v <replaceable class="parameter">level</replaceable></term>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews            Sets the debugging level.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </varlistentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    </variablelist>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  </refsect1>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  <refsect1>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <title>GENERATED KEY FILES</title>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      When <command>dnssec-keyfromlabel</command> completes
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      successfully,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      to the standard output.  This is an identification string for
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      the key files it has generated.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <itemizedlist>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <para><filename>nnnn</filename> is the key name.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <para><filename>aaa</filename> is the numeric representation
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          of the
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          algorithm.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <para><filename>iiiii</filename> is the key identifier (or
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews          footprint).
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </listitem>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    </itemizedlist>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <para><command>dnssec-keyfromlabel</command>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      creates two files, with names based
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      contains the public key, and
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <filename>Knnnn.+aaa+iiiii.private</filename> contains the
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      private
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      key.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      The <filename>.key</filename> file contains a DNS KEY record
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      that
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      can be inserted into a zone file (directly or with a $INCLUDE
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      statement).
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      The <filename>.private</filename> file contains algorithm
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      specific
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      fields.  For obvious security reasons, this file does not have
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      general read permission.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  </refsect1>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  <refsect1>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <title>SEE ALSO</title>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <para><citerefentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </citerefentry>,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <citerefentry>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      </citerefentry>,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <citetitle>RFC 2535</citetitle>,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <citetitle>RFC 2845</citetitle>,
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews      <citetitle>RFC 2539</citetitle>.
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  </refsect1>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  <refsect1>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <title>AUTHOR</title>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    <para><corpauthor>Internet Systems Consortium</corpauthor>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews    </para>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews  </refsect1>
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews</refentry><!--
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - Local variables:
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - mode: sgml
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews - End:
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews-->
5c526acb82c882e41b655c31f5fa4425c87b671cMark Andrews