bin/dnssec/dnssec-revoke.docbook

	dnssec-revoke.docbook revision 1946c596b47b0495ce745fe2fff7da799919b0d2
306N/A<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
306N/A               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
1339N/A               [<!ENTITY mdash "&#8212;">]>
306N/A<!--
306N/A - Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
919N/A -
919N/A - Permission to use, copy, modify, and/or distribute this software for any
919N/A - purpose with or without fee is hereby granted, provided that the above
919N/A - copyright notice and this permission notice appear in all copies.
919N/A -
919N/A - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
919N/A - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
919N/A - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
919N/A - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
919N/A - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
919N/A - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
919N/A - PERFORMANCE OF THIS SOFTWARE.
919N/A-->
919N/A
919N/A<!-- $Id: dnssec-revoke.docbook,v 1.8 2011/10/20 21:20:01 marka Exp $ -->
919N/A<refentry id="man.dnssec-revoke">
919N/A  <refentryinfo>
306N/A    <date>June 1, 2009</date>
306N/A  </refentryinfo>
493N/A
493N/A  <refmeta>
970N/A    <refentrytitle><application>dnssec-revoke</application></refentrytitle>
970N/A    <manvolnum>8</manvolnum>
970N/A    <refmiscinfo>BIND9</refmiscinfo>
970N/A  </refmeta>
1360N/A
1360N/A  <refnamediv>
1360N/A    <refname><application>dnssec-revoke</application></refname>
1360N/A    <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
1360N/A  </refnamediv>
1360N/A
306N/A  <docinfo>
1339N/A    <copyright>
1360N/A      <year>2009</year>
1360N/A      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
1360N/A    </copyright>
1360N/A  </docinfo>
306N/A
493N/A  <refsynopsisdiv>
493N/A    <cmdsynopsis>
935N/A      <command>dnssec-revoke</command>
935N/A      <arg><option>-hr</option></arg>
935N/A      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
810N/A      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
810N/A      <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
810N/A      <arg><option>-f</option></arg>
493N/A      <arg><option>-R</option></arg>
493N/A      <arg choice="req">keyfile</arg>
493N/A    </cmdsynopsis>
837N/A  </refsynopsisdiv>
493N/A
306N/A  <refsect1>
963N/A    <title>DESCRIPTION</title>
963N/A    <para><command>dnssec-revoke</command>
963N/A      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
970N/A      in RFC 5011, and creates a new pair of key files containing the
970N/A      now-revoked key.
970N/A    </para>
970N/A  </refsect1>
970N/A
970N/A  <refsect1>
970N/A    <title>OPTIONS</title>
306N/A
493N/A    <variablelist>
306N/A      <varlistentry>
306N/A    <term>-h</term>
561N/A        <listitem>
306N/A      <para>
963N/A        Emit usage message and exit.
963N/A      </para>
963N/A        </listitem>
837N/A      </varlistentry>
837N/A
837N/A      <varlistentry>
837N/A        <term>-K <replaceable class="parameter">directory</replaceable></term>
1288N/A        <listitem>
1288N/A          <para>
1288N/A            Sets the directory in which the key files are to reside.
1288N/A          </para>
837N/A        </listitem>
837N/A      </varlistentry>
306N/A
1288N/A      <varlistentry>
837N/A    <term>-r</term>
837N/A        <listitem>
837N/A      <para>
837N/A        After writing the new keyset files remove the original keyset
837N/A        files.
837N/A      </para>
837N/A        </listitem>
970N/A      </varlistentry>
1288N/A
851N/A      <varlistentry>
970N/A        <term>-v <replaceable class="parameter">level</replaceable></term>
1288N/A        <listitem>
1288N/A          <para>
970N/A            Sets the debugging level.
970N/A          </para>
970N/A        </listitem>
970N/A      </varlistentry>
970N/A
970N/A      <varlistentry>
        <term>-E <replaceable class="parameter">engine</replaceable></term>
        <listitem>
          <para>
            Use the given OpenSSL engine. When compiled with PKCS#11 support
            it defaults to pkcs11; the empty name resets it to no engine.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-f</term>
        <listitem>
          <para>
            Force overwrite: Causes <command>dnssec-revoke</command> to
            write the new key pair even if a file already exists matching
            the algorithm and key ID of the revoked key.
          </para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term>-R</term>
        <listitem>
          <para>
        Print the key tag of the key with the REVOKE bit set but do
        not revoke the key.
          </para>
        </listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>SEE ALSO</title>
    <para><citerefentry>
        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
      </citerefentry>,
      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
      <citetitle>RFC 5011</citetitle>.
    </para>
  </refsect1>

  <refsect1>
    <title>AUTHOR</title>
    <para><corpauthor>Internet Systems Consortium</corpauthor>
    </para>
  </refsect1>

</refentry><!--
 - Local variables:
 - mode: sgml
 - End:
-->