dnssec-revoke.html revision 12bfbed87cfffa65ac300b72c5665ab38a355c2f
12bfbed87cfffa65ac300b72c5665ab38a355c2fAutomatic Updater - Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
c6fb85f9500350e5ce58c9a24f5d264c8a8bd6f4Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - purpose with or without fee is hereby granted, provided that the above
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - copyright notice and this permission notice appear in all copies.
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
bef75d63d74f58abc0f834ed271526672777ba29Automatic Updater - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt - PERFORMANCE OF THIS SOFTWARE.
12bfbed87cfffa65ac300b72c5665ab38a355c2fAutomatic Updater<!-- $Id: dnssec-revoke.html,v 1.10 2011/10/21 01:14:50 tbox Exp $ -->
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
0ae35ecf053a29f61ad6b3659ac2445cf2c3f663Automatic Updater<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt<p><span class="application">dnssec-revoke</span> — Set the REVOKED bit on a DNSSEC key</p>
12bfbed87cfffa65ac300b72c5665ab38a355c2fAutomatic Updater<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
12bfbed87cfffa65ac300b72c5665ab38a355c2fAutomatic Updater<a name="id2543381"></a><h2>DESCRIPTION</h2>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt<p><span><strong class="command">dnssec-revoke</strong></span>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt reads a DNSSEC key file, sets the REVOKED bit on the key as defined
fd0b768f4c23d22c89f8a156a632831583b7fb68Automatic Updater in RFC 5011, and creates a new pair of key files containing the
fd0b768f4c23d22c89f8a156a632831583b7fb68Automatic Updater now-revoked key.
0ae35ecf053a29f61ad6b3659ac2445cf2c3f663Automatic Updater Emit usage message and exit.
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt Sets the directory in which the key files are to reside.
0ae35ecf053a29f61ad6b3659ac2445cf2c3f663Automatic Updater After writing the new keyset files remove the original keyset
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt Sets the debugging level.
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater Use the given OpenSSL engine. When compiled with PKCS#11 support
64affc54f96a2c71cbd10ed71e246ce0746259aaAutomatic Updater it defaults to pkcs11; the empty name resets it to no engine.
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt Force overwrite: Causes <span><strong class="command">dnssec-revoke</strong></span> to
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt write the new key pair even if a file already exists matching
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt the algorithm and key ID of the revoked key.
12bfbed87cfffa65ac300b72c5665ab38a355c2fAutomatic Updater Print the key tag of the key with the REVOKE bit set but do
12bfbed87cfffa65ac300b72c5665ab38a355c2fAutomatic Updater not revoke the key.
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
cfb1587eb9a6dc6d1d36ea0344e1b20068b81e88Evan Hunt<p><span class="corpauthor">Internet Systems Consortium</span>