dnssec-revoke.docbook revision 19c7b1a0293498a3e36692c59646ed6e15ffc8d0
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - Copyright (C) 2009, 2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - Permission to use, copy, modify, and/or distribute this software for any
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - purpose with or without fee is hereby granted, provided that the above
70953fb44a7140fe206c3a5f011e24209c8c5c6abnicholes - copyright notice and this permission notice appear in all copies.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes - PERFORMANCE OF THIS SOFTWARE.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<!-- Converted by db4-upgrade version 1.0 -->
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-revoke">
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <refentryinfo>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </refentryinfo>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <refentrytitle><application>dnssec-revoke</application></refentrytitle>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <refnamediv>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <refname><application>dnssec-revoke</application></refname>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </refnamediv>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </copyright>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <refsynopsisdiv>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <arg choice="opt" rep="norepeat"><option>-hr</option></arg>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <arg choice="opt" rep="norepeat"><option>-V</option></arg>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <arg choice="opt" rep="norepeat"><option>-f</option></arg>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <arg choice="opt" rep="norepeat"><option>-R</option></arg>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </cmdsynopsis>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </refsynopsisdiv>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <refsection><info><title>DESCRIPTION</title></info>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes reads a DNSSEC key file, sets the REVOKED bit on the key as defined
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes in RFC 5011, and creates a new pair of key files containing the
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes now-revoked key.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </refsection>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <variablelist>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Emit usage message and exit.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <term>-K <replaceable class="parameter">directory</replaceable></term>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Sets the directory in which the key files are to reside.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes After writing the new keyset files remove the original keyset
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <term>-v <replaceable class="parameter">level</replaceable></term>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Sets the debugging level.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Prints version information.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </varlistentry>
0a39e7683f6611d66c55712f50bb240428d832a1bnicholes <varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <term>-E <replaceable class="parameter">engine</replaceable></term>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Specifies the cryptographic hardware to use, when applicable.
41022996c916eb4ab2ec3204eb491b64779eb100bnicholes When BIND is built with OpenSSL PKCS#11 support, this defaults
41022996c916eb4ab2ec3204eb491b64779eb100bnicholes to the string "pkcs11", which identifies an OpenSSL engine
41022996c916eb4ab2ec3204eb491b64779eb100bnicholes that can drive a cryptographic accelerator or hardware service
41022996c916eb4ab2ec3204eb491b64779eb100bnicholes module. When BIND is built with native PKCS#11 cryptography
41022996c916eb4ab2ec3204eb491b64779eb100bnicholes (--enable-native-pkcs11), it defaults to the path of the PKCS#11
036436f4f4cdcd76186c0058891216545967043bbnicholes provider library specified via "--with-pkcs11".
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Force overwrite: Causes <command>dnssec-revoke</command> to
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes write the new key pair even if a file already exists matching
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes the algorithm and key ID of the revoked key.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes Print the key tag of the key with the REVOKE bit set but do
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes not revoke the key.
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </varlistentry>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </variablelist>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </refsection>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </citerefentry>,
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
bb2b38cd44b032118359afbc743efbea12f48e61bnicholes </refsection>