- Copyright (C) 2009, 2011, 2014-2016 Internet Systems Consortium, Inc. ("ISC")
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
<!-- Converted by db4-upgrade version 1.0 -->
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-revoke">
<refentryinfo>
<corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refentrytitle><application>dnssec-revoke</application></refentrytitle>
<refnamediv>
<refname><application>dnssec-revoke</application></refname>
<refpurpose>set the REVOKED bit on a DNSSEC key</refpurpose>
</refnamediv>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
<refsynopsisdiv>
<arg choice="opt" rep="norepeat"><option>-hr</option></arg>
<arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-V</option></arg>
<arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-f</option></arg>
<arg choice="opt" rep="norepeat"><option>-R</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
now-revoked key.
</refsection>
<variablelist>
<varlistentry>
Emit usage message and exit.
</varlistentry>
<varlistentry>
<term>-K <replaceable class="parameter">directory</replaceable></term>
Sets the directory in which the key files are to reside.
</varlistentry>
<varlistentry>
After writing the new keyset files remove the original keyset
</varlistentry>
<varlistentry>
<term>-v <replaceable class="parameter">level</replaceable></term>
Sets the debugging level.
</varlistentry>
<varlistentry>
Prints version information.
</varlistentry>
<varlistentry>
<term>-E <replaceable class="parameter">engine</replaceable></term>
Specifies the cryptographic hardware to use, when applicable.
When BIND is built with OpenSSL PKCS#11 support, this defaults
to the string "pkcs11", which identifies an OpenSSL engine
that can drive a cryptographic accelerator or hardware service
module. When BIND is built with native PKCS#11 cryptography
(--enable-native-pkcs11), it defaults to the path of the PKCS#11
provider library specified via "--with-pkcs11".
</varlistentry>
<varlistentry>
Force overwrite: Causes <command>dnssec-revoke</command> to
write the new key pair even if a file already exists matching
the algorithm and key ID of the revoked key.
</varlistentry>
<varlistentry>
Print the key tag of the key with the REVOKE bit set but do
not revoke the key.
</varlistentry>
</variablelist>
</refsection>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
</refsection>
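The key tag that the -R option reports differs from the original key's tag because the tag is computed over the DNSKEY RDATA, flags field included. The following is an added example, not code from BIND or ISC: it sets the RFC 5011 REVOKE bit (0x0080) in the flags and recomputes the key tag with the RFC 4034 Appendix B algorithm. The function names and both RDATA byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DNSKEY_FLAG_REVOKE 0x80u /* RFC 5011 REVOKE bit, 0x0080, sits in the low flags octet */

/* Constructed DNSKEY RDATA: flags(2) protocol(1) algorithm(1) public key(n). Not real keys. */
static const uint8_t SAMPLE_RDATA[] = { 0x01, 0x01, 0x03, 0x08,
                                        0x03, 0x01, 0x00, 0x01, 0xAB, 0xCD, 0xEF, 0x12 };
static const uint8_t WRAP_RDATA[]   = { 0x01, 0x00, 0x03, 0x08, 0xFB, 0xE8 };

/* Key tag per RFC 4034 Appendix B (does not apply to algorithm 1). */
static unsigned key_tag(const uint8_t *rdata, size_t len) {
    uint32_t ac = 0;
    for (size_t i = 0; i < len; i++)
        ac += (i & 1) ? rdata[i] : (uint32_t)rdata[i] << 8;
    ac += (ac >> 16) & 0xFFFF;
    return ac & 0xFFFF;
}

/* Copy rdata into out with REVOKE set and return the new key tag, or -1 if
 * the RDATA is too short to hold flags, protocol and algorithm. */
static long revoked_key_tag(const uint8_t *rdata, size_t len, uint8_t *out) {
    if (len < 4)
        return -1;
    memcpy(out, rdata, len);
    out[1] |= DNSKEY_FLAG_REVOKE;
    return (long)key_tag(out, len);
}

int main(void) {
    uint8_t buf[sizeof SAMPLE_RDATA];
    long tag = revoked_key_tag(SAMPLE_RDATA, sizeof SAMPLE_RDATA, buf);
    printf("flags %u -> %u, key tag %u -> %ld\n",
           (unsigned)(SAMPLE_RDATA[0] << 8 | SAMPLE_RDATA[1]),
           (unsigned)(buf[0] << 8 | buf[1]),
           key_tag(SAMPLE_RDATA, sizeof SAMPLE_RDATA), tag);
    /* Usually old + 128; when the 16-bit sum overflows, the carry fold adds one more. */
    tag = revoked_key_tag(WRAP_RDATA, sizeof WRAP_RDATA, buf);
    printf("wrap case: key tag %u -> %ld\n",
           key_tag(WRAP_RDATA, sizeof WRAP_RDATA), tag);
    return 0;
}
```

Because the key ID is part of the key file name, a trust-anchor or monitoring check that matches on the pre-revocation key tag will not find the revoked key.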