bin/dnssec/dnssec-revoke.docbook

0N/A<!--
1472N/A - Copyright (C) 2009, 2011, 2014-2016  Internet Systems Consortium, Inc. ("ISC")
0N/A -
0N/A - This Source Code Form is subject to the terms of the Mozilla Public
0N/A - License, v. 2.0. If a copy of the MPL was not distributed with this
0N/A - file, You can obtain one at http://mozilla.org/MPL/2.0/.
0N/A-->
0N/A
0N/A<!-- Converted by db4-upgrade version 1.0 -->
0N/A<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-revoke">
0N/A  <info>
0N/A    <date>2014-01-15</date>
0N/A  </info>
0N/A  <refentryinfo>
0N/A    <corpname>ISC</corpname>
0N/A    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
0N/A  </refentryinfo>
0N/A
1472N/A  <refmeta>
1472N/A    <refentrytitle><application>dnssec-revoke</application></refentrytitle>
1472N/A    <manvolnum>8</manvolnum>
0N/A    <refmiscinfo>BIND9</refmiscinfo>
0N/A  </refmeta>
0N/A
0N/A  <refnamediv>
0N/A    <refname><application>dnssec-revoke</application></refname>
0N/A    <refpurpose>set the REVOKED bit on a DNSSEC key</refpurpose>
0N/A  </refnamediv>
0N/A
0N/A  <docinfo>
0N/A    <copyright>
0N/A      <year>2009</year>
0N/A      <year>2011</year>
0N/A      <year>2014</year>
0N/A      <year>2015</year>
0N/A      <year>2016</year>
0N/A      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
0N/A    </copyright>
0N/A  </docinfo>
0N/A
0N/A  <refsynopsisdiv>
0N/A    <cmdsynopsis sepchar=" ">
0N/A      <command>dnssec-revoke</command>
0N/A      <arg choice="opt" rep="norepeat"><option>-hr</option></arg>
0N/A      <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
0N/A      <arg choice="opt" rep="norepeat"><option>-V</option></arg>
0N/A      <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
0N/A      <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
0N/A      <arg choice="opt" rep="norepeat"><option>-f</option></arg>
0N/A      <arg choice="opt" rep="norepeat"><option>-R</option></arg>
0N/A      <arg choice="req" rep="norepeat">keyfile</arg>
0N/A    </cmdsynopsis>
0N/A  </refsynopsisdiv>
0N/A
0N/A  <refsection><info><title>DESCRIPTION</title></info>
0N/A
0N/A    <para><command>dnssec-revoke</command>
0N/A      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
0N/A      in RFC 5011, and creates a new pair of key files containing the
0N/A      now-revoked key.
0N/A    </para>
0N/A  </refsection>
0N/A
0N/A  <refsection><info><title>OPTIONS</title></info>
0N/A
0N/A
0N/A    <variablelist>
0N/A      <varlistentry>
0N/A    <term>-h</term>
0N/A        <listitem>
0N/A      <para>
0N/A        Emit usage message and exit.
0N/A      </para>
0N/A        </listitem>
0N/A      </varlistentry>
0N/A
0N/A      <varlistentry>
0N/A        <term>-K <replaceable class="parameter">directory</replaceable></term>
0N/A        <listitem>
0N/A          <para>
0N/A            Sets the directory in which the key files are to reside.
0N/A          </para>
0N/A        </listitem>
0N/A      </varlistentry>
0N/A
0N/A      <varlistentry>
0N/A    <term>-r</term>
0N/A        <listitem>
0N/A      <para>
0N/A        After writing the new keyset files remove the original keyset
0N/A        files.
0N/A      </para>
0N/A        </listitem>
0N/A      </varlistentry>
0N/A
0N/A      <varlistentry>
0N/A        <term>-v <replaceable class="parameter">level</replaceable></term>
0N/A        <listitem>
0N/A          <para>
0N/A            Sets the debugging level.
0N/A          </para>
0N/A        </listitem>
0N/A      </varlistentry>
0N/A
0N/A      <varlistentry>
0N/A    <term>-V</term>
0N/A        <listitem>
0N/A      <para>
0N/A        Prints version information.
0N/A      </para>
0N/A        </listitem>
0N/A      </varlistentry>
0N/A
0N/A      <varlistentry>
0N/A        <term>-E <replaceable class="parameter">engine</replaceable></term>
0N/A        <listitem>
0N/A          <para>
0N/A            Specifies the cryptographic hardware to use, when applicable.
0N/A          </para>
0N/A          <para>
0N/A            When BIND is built with OpenSSL PKCS#11 support, this defaults
            to the string "pkcs11", which identifies an OpenSSL engine
            that can drive a cryptographic accelerator or hardware service
            module.  When BIND is built with native PKCS#11 cryptography
            (--enable-native-pkcs11), it defaults to the path of the PKCS#11
            provider library specified via "--with-pkcs11".
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-f</term>
        <listitem>
          <para>
            Force overwrite: Causes <command>dnssec-revoke</command> to
            write the new key pair even if a file already exists matching
            the algorithm and key ID of the revoked key.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-R</term>
        <listitem>
          <para>
        Print the key tag of the key with the REVOKE bit set but do
        not revoke the key.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsection>

  <refsection><info><title>SEE ALSO</title></info>

    <para><citerefentry>
        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
      <citetitle>RFC 5011</citetitle>.
    </para>
  </refsection>

</refentry>