dnssec-revoke.docbook revision dfc015bc7e99019373878f8eb4527f5ebd0e0969
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock [<!ENTITY mdash "&#8212;">]>
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock<!--
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock - Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock -
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock - Permission to use, copy, modify, and/or distribute this software for any
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock - purpose with or without fee is hereby granted, provided that the above
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock - copyright notice and this permission notice appear in all copies.
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock -
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock - PERFORMANCE OF THIS SOFTWARE.
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock-->
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock<!-- $Id: dnssec-revoke.docbook,v 1.9 2011/10/20 23:46:51 tbox Exp $ -->
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock<refentry id="man.dnssec-revoke">
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock <refentryinfo>
791a814c934fcd4deb13b26c1f116ff283272a0dSundeep Panicker <date>June 1, 2009</date>
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock </refentryinfo>
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock <refmeta>
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock <refentrytitle><application>dnssec-revoke</application></refentrytitle>
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock <manvolnum>8</manvolnum>
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock <refmiscinfo>BIND9</refmiscinfo>
d91236fe104c7ea63142e053b22a39c8a30d304beschrock </refmeta>
791a814c934fcd4deb13b26c1f116ff283272a0dSundeep Panicker
a6e6969cf9cfe2070eae4cd6071f76b0fa4f539feschrock <refnamediv>
bf82a41b568b2bd31bf9814587eb25ee2e7b05ffeschrock <refname><application>dnssec-revoke</application></refname>
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock </refnamediv>
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock <docinfo>
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock <copyright>
275c9da86e89f8abf71135cf63d9fc23671b2e60eschrock <year>2009</year>
<year>2011</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
<cmdsynopsis>
<command>dnssec-revoke</command>
<arg><option>-hr</option></arg>
<arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
<arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
<arg><option>-f</option></arg>
<arg><option>-R</option></arg>
<arg choice="req">keyfile</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para><command>dnssec-revoke</command>
reads a DNSSEC key file, sets the REVOKED bit on the key as defined
in RFC 5011, and creates a new pair of key files containing the
now-revoked key.
</para>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<variablelist>
<varlistentry>
<term>-h</term>
<listitem>
<para>
Emit usage message and exit.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-K <replaceable class="parameter">directory</replaceable></term>
<listitem>
<para>
Sets the directory in which the key files are to reside.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-r</term>
<listitem>
<para>
After writing the new keyset files remove the original keyset
files.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-v <replaceable class="parameter">level</replaceable></term>
<listitem>
<para>
Sets the debugging level.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-E <replaceable class="parameter">engine</replaceable></term>
<listitem>
<para>
Use the given OpenSSL engine. When compiled with PKCS#11 support
it defaults to pkcs11; the empty name resets it to no engine.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-f</term>
<listitem>
<para>
Force overwrite: Causes <command>dnssec-revoke</command> to
write the new key pair even if a file already exists matching
the algorithm and key ID of the revoked key.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-R</term>
<listitem>
<para>
Print the key tag of the key with the REVOKE bit set but do
not revoke the key.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para><citerefentry>
<refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 5011</citetitle>.
</para>
</refsect1>
<refsect1>
<title>AUTHOR</title>
<para><corpauthor>Internet Systems Consortium</corpauthor>
</para>
</refsect1>
</refentry><!--
- Local variables:
- mode: sgml
- End:
-->