dnssec-revoke.html revision dd1ce8b52478fa98c844720af9e77fae2978f18d
 - Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<!-- $Id$ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
<p><span class="application">dnssec-revoke</span> — Set the REVOKED bit on a DNSSEC key</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
<p><span><strong class="command">dnssec-revoke</strong></span>
 reads a DNSSEC key file, sets the REVOKED bit on the key as defined
 in RFC 5011, and creates a new pair of key files containing the
 now-revoked key.
<dt><span class="term">-h</span></dt>
 Emit usage message and exit.
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
 Sets the directory in which the key files are to reside.
<dt><span class="term">-r</span></dt>
 After writing the new keyset files remove the original keyset
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
 Sets the debugging level.
<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
 Specifies the cryptographic hardware to use, when applicable.
 When BIND is built with OpenSSL PKCS#11 support, this defaults
 to the string "pkcs11", which identifies an OpenSSL engine
 that can drive a cryptographic accelerator or hardware service
 module. When BIND is built with native PKCS#11 cryptography
 (--enable-native-pkcs11), it defaults to the path of the PKCS#11
 provider library specified via "--with-pkcs11".
<dt><span class="term">-f</span></dt>
 Force overwrite: Causes <span><strong class="command">dnssec-revoke</strong></span> to
 write the new key pair even if a file already exists matching
 the algorithm and key ID of the revoked key.
<dt><span class="term">-R</span></dt>
 Print the key tag of the key with the REVOKE bit set but do
 not revoke the key.
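<p>Added example (not part of the ISC manual page or of BIND's code): setting the REVOKE bit changes the DNSKEY flags field, so the key tag computed per RFC 4034 Appendix B changes with it, which is why the revoked key lands in a new pair of files and why a key tag can be reported before anything is revoked. The tag normally rises by 128, or by 129 when the checksum carries. The zone name, flags, algorithm number and public key bytes below are constructed sample values, and the helper names are hypothetical.</p>

```python
import struct

REVOKE = 0x0080  # REVOKE bit in the 16-bit DNSKEY flags field (RFC 5011)


def dnskey_rdata(flags, algorithm, public_key, protocol=3):
    """DNSKEY RDATA wire format: flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key


def key_tag(rdata):
    """Key tag per RFC 4034 Appendix B (not valid for algorithm 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        # Even offsets are the high byte of a 16-bit word, odd the low byte.
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF  # fold the carry back in
    return acc & 0xFFFF


def revoked_tag(flags, algorithm, public_key):
    """Tag the key will carry once REVOKE is set; nothing is written."""
    return key_tag(dnskey_rdata(flags | REVOKE, algorithm, public_key))


def key_basename(zone, algorithm, tag):
    """BIND key file base name: K<zone>+<algorithm>+<key id>."""
    return "K%s+%03d+%05d" % (zone, algorithm, tag)


# Constructed sample: a KSK (flags 257), algorithm 15, with a made-up
# 32-byte public key. This is not a real key.
SAMPLE_FLAGS, SAMPLE_ALG = 257, 15
SAMPLE_KEY = bytes(range(32))

if __name__ == "__main__":
    before = key_tag(dnskey_rdata(SAMPLE_FLAGS, SAMPLE_ALG, SAMPLE_KEY))
    after = revoked_tag(SAMPLE_FLAGS, SAMPLE_ALG, SAMPLE_KEY)
    print("original:", key_basename("example.com.", SAMPLE_ALG, before))
    print("revoked: ", key_basename("example.com.", SAMPLE_ALG, after))
```

<p>Trust anchors and DS records that reference the old key tag will not match the revoked key's tag, so check monitoring and key inventories against both values.</p>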
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
 <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<p><span class="corpauthor">Internet Systems Consortium</span>