dnssec-revoke.docbook revision 30eec077db2bdcb6f2a0dc388a3cdde2ede75ec1
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff<!--
7d32c065c7bb56f281651ae3dd2888f32ce4f1d9Bob Halley - Copyright (C) 2009, 2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence -
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff - Permission to use, copy, modify, and/or distribute this software for any
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff - purpose with or without fee is hereby granted, provided that the above
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff - copyright notice and this permission notice appear in all copies.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence -
15a44745412679c30a6d022733925af70a38b715David Lawrence - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
15a44745412679c30a6d022733925af70a38b715David Lawrence - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
15a44745412679c30a6d022733925af70a38b715David Lawrence - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
15a44745412679c30a6d022733925af70a38b715David Lawrence - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15a44745412679c30a6d022733925af70a38b715David Lawrence - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15a44745412679c30a6d022733925af70a38b715David Lawrence - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15a44745412679c30a6d022733925af70a38b715David Lawrence - PERFORMANCE OF THIS SOFTWARE.
15a44745412679c30a6d022733925af70a38b715David Lawrence-->
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff<!-- Converted by db4-upgrade version 1.0 -->
7d823f705d9d3a8cb4d43fcf11249515e2845364Andreas Gustafsson<refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-revoke">
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence <info>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff <date>2014-01-15</date>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff </info>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff <refentryinfo>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff <corpname>ISC</corpname>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff </refentryinfo>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence
6028d1ce0380d0ba7f6c6ecd1ad20b31ddd1becbDavid Lawrence <refmeta>
364a82f7c25b62967678027043425201a5e5171aBob Halley <refentrytitle><application>dnssec-revoke</application></refentrytitle>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <manvolnum>8</manvolnum>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff <refmiscinfo>BIND9</refmiscinfo>
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence </refmeta>
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence
7d823f705d9d3a8cb4d43fcf11249515e2845364Andreas Gustafsson <refnamediv>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff <refname><application>dnssec-revoke</application></refname>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
f9df80f4348ef68043903efa08299480324f4823Michael Graff </refnamediv>
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence
0f80bfec687db08a6e6ce945ef1d818da06c7ca9Brian Wellington <docinfo>
09f22ac5b09e70bc526015f37168ba33e21ea91fDavid Lawrence <copyright>
6d4886fa7430889a96dbf9b88a2a4eb6f9d04674Brian Wellington <year>2009</year>
b984520acca2532d048eae929dc0682dd334c7a3Brian Wellington <year>2011</year>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff <year>2014</year>
75ec9bc9c7b4f2485647414330122e7b8e188097Andreas Gustafsson <year>2015</year>
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff </copyright>
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff </docinfo>
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley <refsynopsisdiv>
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley <cmdsynopsis sepchar=" ">
ac77fece9a62537a9e0e5852498ebeda7b2978c3Bob Halley <command>dnssec-revoke</command>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <arg choice="opt" rep="norepeat"><option>-hr</option></arg>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <arg choice="opt" rep="norepeat"><option>-V</option></arg>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <arg choice="opt" rep="norepeat"><option>-f</option></arg>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <arg choice="opt" rep="norepeat"><option>-R</option></arg>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <arg choice="req" rep="norepeat">keyfile</arg>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </cmdsynopsis>
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer </refsynopsisdiv>
1ed4ba5a1fcb6aecd1c92fdcc75c6b4bbb7cc60fMichael Sawyer
f9df80f4348ef68043903efa08299480324f4823Michael Graff <refsection><info><title>DESCRIPTION</title></info>
f9df80f4348ef68043903efa08299480324f4823Michael Graff
 <para><command>dnssec-revoke</command>
 reads a DNSSEC key file, sets the REVOKED bit on the key as defined
 in RFC 5011, and creates a new pair of key files containing the
 now-revoked key. Setting the bit changes the key's flags field, which
 is an input to the key tag calculation, so the revoked key has a
 different key ID from the original key; the original key files are
 left in place unless <option>-r</option> is given.
e223094b2248afa2697c531f75e6f84855638becMichael Graff </para>
b02262cbcd550c63f85df76edc6fff556ea5e95dMichael Graff </refsection>
b02262cbcd550c63f85df76edc6fff556ea5e95dMichael Graff
b02262cbcd550c63f85df76edc6fff556ea5e95dMichael Graff <refsection><info><title>OPTIONS</title></info>
b02262cbcd550c63f85df76edc6fff556ea5e95dMichael Graff
f9df80f4348ef68043903efa08299480324f4823Michael Graff
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <variablelist>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <varlistentry>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <term>-h</term>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <listitem>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence <para>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer Emit usage message and exit.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </para>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </listitem>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </varlistentry>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <varlistentry>
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer <term>-K <replaceable class="parameter">directory</replaceable></term>
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer <listitem>
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer <para>
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer Sets the directory in which the key files are to reside.
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer </para>
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer </listitem>
58c40ca8bda08458804d7f15cf97942dea2a17acMichael Sawyer </varlistentry>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <varlistentry>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <term>-r</term>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <listitem>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <para>
 After writing the new keyset files, remove the original keyset
 files.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </para>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </listitem>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </varlistentry>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <varlistentry>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <term>-v <replaceable class="parameter">level</replaceable></term>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <listitem>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <para>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer Sets the debugging level.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </para>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </listitem>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </varlistentry>
6d12fdf96621801e80f3f4c2a8a569fe48766a20David Lawrence
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <varlistentry>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <term>-V</term>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <listitem>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <para>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer Prints version information.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </para>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </listitem>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </varlistentry>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <varlistentry>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <term>-E <replaceable class="parameter">engine</replaceable></term>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <listitem>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <para>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer Specifies the cryptographic hardware to use, when applicable.
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer </para>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer <para>
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer When BIND is built with OpenSSL PKCS#11 support, this defaults
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer to the string "pkcs11", which identifies an OpenSSL engine
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer that can drive a cryptographic accelerator or hardware service
c95a89b433e42ecf9108b6c263f405fecc0d8a65Michael Sawyer module. When BIND is built with native PKCS#11 cryptography
f9df80f4348ef68043903efa08299480324f4823Michael Graff (--enable-native-pkcs11), it defaults to the path of the PKCS#11
f9df80f4348ef68043903efa08299480324f4823Michael Graff provider library specified via "--with-pkcs11".
f9df80f4348ef68043903efa08299480324f4823Michael Graff </para>
f9df80f4348ef68043903efa08299480324f4823Michael Graff </listitem>
f9df80f4348ef68043903efa08299480324f4823Michael Graff </varlistentry>
f9df80f4348ef68043903efa08299480324f4823Michael Graff
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff <varlistentry>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <term>-f</term>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <listitem>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <para>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff Force overwrite: Causes <command>dnssec-revoke</command> to
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff write the new key pair even if a file already exists matching
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff the algorithm and key ID of the revoked key.
fccf7905e8a06067d49ec00c53d4d57a38a71e52Michael Graff </para>
f9df80f4348ef68043903efa08299480324f4823Michael Graff </listitem>
d68838693666ba930ec4143f848c18bff2bfc244Michael Graff </varlistentry>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff <varlistentry>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <term>-R</term>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <listitem>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <para>
 Print the key tag that the key would have with the REVOKE bit
 set, but do not revoke the key.
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff </para>
97e7d389d54a9e3a1ba8313ed140b04afabc7081Michael Graff </listitem>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff </varlistentry>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff </variablelist>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff </refsection>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff <refsection><info><title>SEE ALSO</title></info>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
f9df80f4348ef68043903efa08299480324f4823Michael Graff <para><citerefentry>
f9df80f4348ef68043903efa08299480324f4823Michael Graff <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff </citerefentry>,
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff <citetitle>RFC 5011</citetitle>.
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff </para>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff </refsection>
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff
9178881e1bf6a4b01db886b355406c8bed61cc2aMichael Graff</refentry>