dnssec-keygen.html revision e21a2904f02a03fa06b6db04d348f65fe9c67b2b
<!--
 - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: dnssec-keygen.html,v 1.26 2006/12/12 01:45:20 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-keygen</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.dnssec-keygen"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-keygen</span> &#8212; DNSSEC key generation tool</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2543660"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
 generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
 and RFC &lt;TBA&gt;. It can also generate keys for use with
 TSIG (Transaction Signatures), as defined in RFC 2845.
 </p>
</div>
<div class="refsect1" lang="en">
<a name="id2543672"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
 Selects the cryptographic algorithm. The value of
 <code class="option">algorithm</code> must be one of RSAMD5 (RSA), RSASHA1,
 DSA, DH (Diffie Hellman), or HMAC-MD5. These values
 are case insensitive.
 </p>
<p>
 Note 1: for DNSSEC, RSASHA1 is a mandatory-to-implement algorithm,
 and DSA is recommended. For TSIG, HMAC-MD5 is mandatory.
 </p>
<p>
 Note 2: HMAC-MD5 and DH automatically set the -k flag.
 </p>
</dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
<dd><p>
 Specifies the number of bits in the key. The choice of key
 size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be
 between 512 and 2048 bits. Diffie Hellman keys must be between
 128 and 4096 bits. DSA keys must be between 512 and 1024
 bits and an exact multiple of 64. HMAC-MD5 keys must be
 between 1 and 512 bits.
 </p></dd>
<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
<dd><p>
 Specifies the owner type of the key. The value of
 <code class="option">nametype</code> must be one of ZONE (for a DNSSEC
 zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
 a host (KEY)),
 USER (for a key associated with a user (KEY)) or OTHER (DNSKEY).
 These values are case insensitive.
 </p></dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
 Indicates that the DNS record containing the key should have
 the specified class. If not specified, class IN is used.
 </p></dd>
<dt><span class="term">-e</span></dt>
<dd><p>
 If generating an RSAMD5/RSASHA1 key, use a large exponent.
 </p></dd>
<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
<dd><p>
 Set the specified flag in the flag field of the KEY/DNSKEY record.
 The only recognized flag is KSK (Key Signing Key) DNSKEY.
 </p></dd>
<dt><span class="term">-g <em class="replaceable"><code>generator</code></em></span></dt>
<dd><p>
 If generating a Diffie Hellman key, use this generator.
 Allowed values are 2 and 5. If no generator
 is specified, a known prime from RFC 2539 will be used
 if possible; otherwise the default is 2.
 </p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
 Prints a short summary of the options and arguments to
 <span><strong class="command">dnssec-keygen</strong></span>.
 </p></dd>
<dt><span class="term">-k</span></dt>
<dd><p>
 Generate KEY records rather than DNSKEY records.
 </p></dd>
<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
<dd><p>
 Sets the protocol value for the generated key. The protocol
 is a number between 0 and 255. The default is 3 (DNSSEC).
 Other possible values for this argument are listed in
 RFC 2535 and its successors.
 </p></dd>
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd><p>
 Specifies the source of randomness. If the operating
 system does not provide a <code class="filename">/dev/random</code>
 or equivalent device, the default source of randomness
 is keyboard input. <code class="filename">randomdev</code>
 specifies the name of a character device or file containing random
 data to be used instead of the default. The special value
 <code class="filename">keyboard</code> indicates that keyboard
 input should be used.
 </p></dd>
<dt><span class="term">-s <em class="replaceable"><code>strength</code></em></span></dt>
<dd><p>
 Specifies the strength value of the key. The strength is
 a number between 0 and 15, and currently has no defined
 purpose in DNSSEC.
 </p></dd>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd><p>
 Indicates the use of the key. <code class="option">type</code> must be
 one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
 is AUTHCONF. AUTH refers to the ability to authenticate
 data, and CONF the ability to encrypt data.
 </p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
 Sets the debugging level.
 </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2544007"></a><h2>GENERATED KEYS</h2>
<p>
 When <span><strong class="command">dnssec-keygen</strong></span> completes
 successfully,
 it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
 to the standard output. This is an identification string for
 the key it has generated.
 </p>
<div class="itemizedlist"><ul type="disc">
<li><p><code class="filename">nnnn</code> is the key name.
 </p></li>
<li><p><code class="filename">aaa</code> is the numeric representation
 of the algorithm.
 </p></li>
<li><p><code class="filename">iiiii</code> is the key identifier (or
 footprint).
 </p></li>
</ul></div>
<p><span><strong class="command">dnssec-keygen</strong></span>
 creates two files, with names based
 on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
 contains the public key, and
 <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
 private key.
 </p>
<p>
 The <code class="filename">.key</code> file contains a DNS KEY record
 that can be inserted into a zone file (directly or with a $INCLUDE
 statement).
 </p>
<p>
 The <code class="filename">.private</code> file contains
 algorithm-specific fields. For obvious security reasons, this file does not have
 general read permission.
 </p>
<p>
 Both <code class="filename">.key</code> and <code class="filename">.private</code>
 files are generated for symmetric encryption algorithms such as
 HMAC-MD5, even though the public and private key are equivalent.
 </p>
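<p>
 Added example (not part of the original manual page or of BIND): a Python audit of a key directory that parses the <code class="filename">Knnnn.+aaa+iiiii</code> names, checks that each <code class="filename">.private</code> file grants no group or other access, and recomputes the key identifier from the <code class="filename">.key</code> record using the key tag calculation of RFC 4034 Appendix B, which goes beyond what this page states. The function names, the algorithm-number table and the toy key bytes are assumptions of the example.
 </p>

```python
import base64, os, re, stat, tempfile

# Numbers behind the -a names on this page (IANA registry); they appear as "aaa".
ALGORITHMS = {1: "RSAMD5", 2: "DH", 3: "DSA", 5: "RSASHA1", 157: "HMAC-MD5"}
KEY_ID = re.compile(r"^K(?P<name>.*\.)\+(?P<alg>\d{3})\+(?P<tag>\d{5})$")

def parse_key_id(key_id):
    """Split 'Knnnn.+aaa+iiiii' into (owner name, algorithm number, key identifier)."""
    m = KEY_ID.match(key_id)
    if m is None:
        raise ValueError(f"{key_id}: not a dnssec-keygen identification string")
    return m["name"], int(m["alg"]), int(m["tag"])

def key_tag(rdata, algorithm):
    """Key identifier (footprint) of KEY/DNSKEY RDATA, per RFC 4034 Appendix B."""
    if algorithm == 1:  # RSAMD5: taken from the low-order bytes of the modulus
        return int.from_bytes(rdata[-3:-1], "big")
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def read_rdata(key_path):
    """Rebuild wire-format RDATA (flags, protocol, algorithm, key) from a .key file."""
    with open(key_path) as fh:
        tokens = " ".join(line.split(";")[0] for line in fh).split()
    i = next(n for n, t in enumerate(tokens) if t in ("KEY", "DNSKEY"))
    flags, proto, alg = (int(t) for t in tokens[i + 1:i + 4])
    key = base64.b64decode("".join(tokens[i + 4:]))
    return flags.to_bytes(2, "big") + bytes([proto, alg]) + key

def audit_key_dir(directory):
    """Return a list of findings for every *.private file in the directory."""
    findings = []
    for entry in sorted(os.listdir(directory)):
        base, ext = os.path.splitext(entry)
        if ext != ".private":
            continue
        try:
            _, alg, tag = parse_key_id(base)
        except ValueError as exc:
            findings.append(str(exc))
            continue
        if alg not in ALGORITHMS:
            findings.append(f"{entry}: algorithm {alg} is not listed on this page")
        mode = stat.S_IMODE(os.stat(os.path.join(directory, entry)).st_mode)
        if mode & 0o077:
            findings.append(f"{entry}: mode {mode:04o} grants group/other access")
        key_path = os.path.join(directory, base + ".key")
        if not os.path.exists(key_path):
            findings.append(f"{base}.key: missing public half")
        elif key_tag(read_rdata(key_path), alg) != tag:
            findings.append(f"{base}.key: key identifier does not match file name")
    return findings

def build_sample_dir():
    """Constructed sample: one consistent key pair and one with two problems."""
    d = tempfile.mkdtemp()
    record = "example.com. IN DNSKEY 256 3 3 AQIDBA==\n"  # toy key bytes 01 02 03 04
    pairs = (("Kexample.com.+003+02057", 0o600), ("Kexample.com.+003+26160", 0o644))
    for base, private_mode in pairs:
        for ext, mode in ((".key", 0o644), (".private", private_mode)):
            path = os.path.join(d, base + ext)
            with open(path, "w") as fh:
                fh.write(record if ext == ".key" else "constructed placeholder\n")
            os.chmod(path, mode)
    return d

if __name__ == "__main__":
    for finding in audit_key_dir(build_sample_dir()):
        print(finding)
```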
</div>
<div class="refsect1" lang="en">
<a name="id2544089"></a><h2>EXAMPLE</h2>
<p>
 To generate a 768-bit DSA key for the domain
 <strong class="userinput"><code>example.com</code></strong>, the following command would be
 issued:
 </p>
<p><strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong>
 </p>
<p>
 The command would print a string of the form:
 </p>
<p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
 </p>
<p>
 In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
 the files <code class="filename">Kexample.com.+003+26160.key</code>
 and
 <code class="filename">Kexample.com.+003+26160.private</code>.
 </p>
</div>
<div class="refsect1" lang="en">
<a name="id2544201"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
 <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
 <em class="citetitle">RFC 2535</em>,
 <em class="citetitle">RFC 2845</em>,
 <em class="citetitle">RFC 2539</em>.
 </p>
</div>
<div class="refsect1" lang="en">
<a name="id2544232"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
 </p>
</div>
</div></body>
</html>