dnssec-keygen.html revision 731cc132f22dbc9e0ecd7035dce314a61076d31b
<!--
 - Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.html,v 1.31 2008/09/25 04:45:04 tbox Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-keygen</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.dnssec-keygen"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-keygen</span> &#8212; DNSSEC key generation tool</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543477"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
      generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
      and RFC 4034.  It can also generate keys for use with
      TSIG (Transaction Signatures), as defined in RFC 2845.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2543489"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
            Selects the cryptographic algorithm.  The value of
            <code class="option">algorithm</code> must be one of RSAMD5 (RSA), RSASHA1,
            DSA, NSEC3RSASHA1, NSEC3DSA, DH (Diffie Hellman), or HMAC-MD5.
            These values are case insensitive.
          </p>
<p>
            Note 1: For DNSSEC, RSASHA1 is a mandatory-to-implement
            algorithm, and DSA is recommended.  For TSIG, HMAC-MD5 is
            mandatory.
          </p>
<p>
            Note 2: HMAC-MD5 and DH automatically set the -k flag.
          </p>
</dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
<dd><p>
            Specifies the number of bits in the key.  The choice of key
            size depends on the algorithm used.  RSAMD5 / RSASHA1 keys must be
            between 512 and 2048 bits.  Diffie Hellman keys must be between
            128 and 4096 bits.  DSA keys must be between 512 and 1024
            bits and an exact multiple of 64.  HMAC-MD5 keys must be
            between 1 and 512 bits.
          </p></dd>
<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
<dd><p>
            Specifies the owner type of the key.  The value of
            <code class="option">nametype</code> must be either ZONE (for a DNSSEC
            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
            a host (KEY)), USER (for a key associated with a user (KEY)),
            or OTHER (DNSKEY).
            These values are case insensitive.  Defaults to ZONE for DNSKEY
            generation.
          </p></dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
            Indicates that the DNS record containing the key should have
            the specified class.  If not specified, class IN is used.
          </p></dd>
<dt><span class="term">-e</span></dt>
<dd><p>
            If generating an RSAMD5/RSASHA1 key, use a large exponent.
          </p></dd>
<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
<dd><p>
            Set the specified flag in the flag field of the KEY/DNSKEY record.
            The only recognized flag is KSK (Key Signing Key) DNSKEY.
          </p></dd>
<dt><span class="term">-g <em class="replaceable"><code>generator</code></em></span></dt>
<dd><p>
            If generating a Diffie Hellman key, use this generator.
            Allowed values are 2 and 5.  If no generator
            is specified, a known prime from RFC 2539 will be used
            if possible; otherwise the default is 2.
          </p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
            Prints a short summary of the options and arguments to
            <span><strong class="command">dnssec-keygen</strong></span>.
          </p></dd>
<dt><span class="term">-k</span></dt>
<dd><p>
            Generate KEY records rather than DNSKEY records.
          </p></dd>
<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
<dd><p>
            Sets the protocol value for the generated key.  The protocol
            is a number between 0 and 255.  The default is 3 (DNSSEC).
            Other possible values for this argument are listed in
            RFC 2535 and its successors.
          </p></dd>
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd><p>
            Specifies the source of randomness.  If the operating
            system does not provide a <code class="filename">/dev/random</code>
            or equivalent device, the default source of randomness
            is keyboard input.  <code class="filename">randomdev</code>
            specifies the name of a character device or file containing random
            data to be used instead of the default.  The special value
            <code class="filename">keyboard</code> indicates that keyboard
            input should be used.
          </p></dd>
<dt><span class="term">-s <em class="replaceable"><code>strength</code></em></span></dt>
<dd><p>
            Specifies the strength value of the key.  The strength is
            a number between 0 and 15, and currently has no defined
            purpose in DNSSEC.
          </p></dd>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd><p>
            Indicates the use of the key.  <code class="option">type</code> must be
            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
            is AUTHCONF.  AUTH refers to the ability to authenticate
            data, and CONF the ability to encrypt data.
          </p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
            Sets the debugging level.
          </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543824"></a><h2>GENERATED KEYS</h2>
<p>
      When <span><strong class="command">dnssec-keygen</strong></span> completes
      successfully,
      it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
      to the standard output.  This is an identification string for
      the key it has generated.
    </p>
<div class="itemizedlist"><ul type="disc">
<li><p><code class="filename">nnnn</code> is the key name.
        </p></li>
<li><p><code class="filename">aaa</code> is the numeric representation
          of the algorithm.
        </p></li>
<li><p><code class="filename">iiiii</code> is the key identifier (or
          footprint).
        </p></li>
</ul></div>
<p><span><strong class="command">dnssec-keygen</strong></span>
      creates two files, with names based
      on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
      contains the public key, and
      <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
      private key.
    </p>
<p>
      The <code class="filename">.key</code> file contains a DNS KEY record
      that can be inserted into a zone file (directly or with a $INCLUDE
      statement).
    </p>
<p>
      The <code class="filename">.private</code> file contains
      algorithm-specific
      fields.  For obvious security reasons, this file does not have
      general read permission.
    </p>
<p>
      Both <code class="filename">.key</code> and <code class="filename">.private</code>
      files are generated for symmetric algorithms such as
      HMAC-MD5, even though the public and private key are equivalent.
    </p>
</div>
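<p>
      The following script is an added example, not part of BIND or of the
      original page. It audits a key directory against the naming and
      permission rules described above: each <code class="filename">.private</code>
      file must be named <code class="filename">Knnnn.+aaa+iiiii</code>, have a
      matching <code class="filename">.key</code> file, and grant no access to
      group or others. The function names and the BADNAME/NOPUB/PERM labels
      are hypothetical.
    </p>

```shell
#!/bin/sh
# Added example (not part of BIND): audit dnssec-keygen output files in a directory.

# parse_keyid BASE: split "Knnnn.+aaa+iiiii" into "name alg id"; return 1 if malformed.
parse_keyid() {
    case $1 in
        K*.+[0-9][0-9][0-9]+[0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    rest=${1#K}
    id=${rest##*+}        # iiiii: key identifier (footprint)
    rest=${rest%+*}
    alg=${rest##*+}       # aaa: numeric representation of the algorithm
    name=${rest%.+*}      # nnnn: key name
    printf '%s %s %s\n' "$name" "$alg" "$id"
}

# audit_keydir DIR: print one finding per line; return 1 if anything was found.
audit_keydir() {
    dir=$1
    bad=0
    for priv in "$dir"/K*.private; do
        [ -e "$priv" ] || continue          # the glob matched nothing
        base=$(basename "$priv" .private)
        if ! parse_keyid "$base" >/dev/null; then
            echo "BADNAME $base.private"
            bad=1
            continue
        fi
        if [ ! -f "$dir/$base.key" ]; then
            echo "NOPUB $base"              # private key without its public half
            bad=1
        fi
        # Characters 5-10 of the ls mode string are the group and other bits.
        perms=$(ls -ld "$priv" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "PERM $base.private $perms"
            bad=1
        fi
    done
    return $bad
}

# Constructed sample: empty files named after the key ID in the EXAMPLE section.
demo() {
    d=$(mktemp -d) || return 1
    k="$d/Kexample.com.+003+26160"
    : > "$k.key"
    : > "$k.private"
    chmod 600 "$k.private"
    audit_keydir "$d" && echo "clean: $(parse_keyid "${k##*/}")"
    chmod 644 "$k.private"                  # e.g. a restore that lost the file mode
    audit_keydir "$d" || echo "findings reported above"
    rm -rf "$d"
}
demo
```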
<div class="refsect1" lang="en">
<a name="id2543906"></a><h2>EXAMPLE</h2>
<p>
      To generate a 768-bit DSA key for the domain
      <strong class="userinput"><code>example.com</code></strong>, the following command would be
      issued:
    </p>
<p><strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong>
    </p>
<p>
      The command would print a string of the form:
    </p>
<p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
    </p>
<p>
      In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
      the files <code class="filename">Kexample.com.+003+26160.key</code>
      and
      <code class="filename">Kexample.com.+003+26160.private</code>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2543949"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
      <em class="citetitle">RFC 2535</em>,
      <em class="citetitle">RFC 2845</em>,
      <em class="citetitle">RFC 2539</em>.
    </p>
</div>
<div class="refsect1" lang="en">
<a name="id2544049"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
    </p>
</div>
</div></body>
</html>