dnssec-revoke.docbook revision 42782931073786f98d3d0a617351db40066949a4
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt [<!ENTITY mdash "—">]>
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User - Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - Permission to use, copy, modify, and/or distribute this software for any
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - purpose with or without fee is hereby granted, provided that the above
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - copyright notice and this permission notice appear in all copies.
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - PERFORMANCE OF THIS SOFTWARE.
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <refentryinfo>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt </refentryinfo>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <refentrytitle><application>dnssec-revoke</application></refentrytitle>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <refnamediv>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <refname><application>dnssec-revoke</application></refname>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt </refnamediv>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt </copyright>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <refsynopsisdiv>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <cmdsynopsis>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt </cmdsynopsis>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt </refsynopsisdiv>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt reads a DNSSEC key file, sets the REVOKED bit on the key as defined
85f5bb5274e7d4e829646cf47dae8f9f95c227f8Francis Dupont in RFC 5011, and creates a new pair of key files containing the
85f5bb5274e7d4e829646cf47dae8f9f95c227f8Francis Dupont now-revoked key.
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <variablelist>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <varlistentry>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt Emit usage message and exit.
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt </varlistentry>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <varlistentry>
553ead32ff5b00284e574dcabc39115d4d74ec66Evan Hunt <term>-K <replaceable class="parameter">directory</replaceable></term>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt Sets the directory in which the key files are to reside.
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt </varlistentry>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <varlistentry>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt After writing the new keyset files remove the original keyset
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt </varlistentry>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <varlistentry>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <term>-v <replaceable class="parameter">level</replaceable></term>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt Sets the debugging level.
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt </varlistentry>
42782931073786f98d3d0a617351db40066949a4Mukund Sivaraman <varlistentry>
42782931073786f98d3d0a617351db40066949a4Mukund Sivaraman Prints version information.
42782931073786f98d3d0a617351db40066949a4Mukund Sivaraman </varlistentry>
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont <varlistentry>
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont <term>-E <replaceable class="parameter">engine</replaceable></term>
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt Specifies the cryptographic hardware to use, when applicable.
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt When BIND is built with OpenSSL PKCS#11 support, this defaults
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt to the string "pkcs11", which identifies an OpenSSL engine
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt that can drive a cryptographic accelerator or hardware service
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt module. When BIND is built with native PKCS#11 cryptography
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt (--enable-native-pkcs11), it defaults to the path of the PKCS#11
ba751492fcc4f161a18b983d4f018a1a52938cb9Evan Hunt provider library specified via "--with-pkcs11".
8b78c993cb475cc94e88560941b28c37684789d9Francis Dupont </varlistentry>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <varlistentry>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt Force overwrite: Causes <command>dnssec-revoke</command> to
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt write the new key pair even if a file already exists matching
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt the algorithm and key ID of the revoked key.
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt </varlistentry>
1946c596b47b0495ce745fe2fff7da799919b0d2Mark Andrews <varlistentry>
1946c596b47b0495ce745fe2fff7da799919b0d2Mark Andrews Print the key tag of the key with the REVOKE bit set but do
1946c596b47b0495ce745fe2fff7da799919b0d2Mark Andrews not revoke the key.
1946c596b47b0495ce745fe2fff7da799919b0d2Mark Andrews </varlistentry>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt </variablelist>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt </citerefentry>,
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <para><corpauthor>Internet Systems Consortium</corpauthor>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - Local variables:
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - mode: sgml