dnssec-settime.html revision 6f1b350c3ac62431ecf6f94a3f16db27c1e77f26
f743002678eb67b99bbc29fee116b65d9530fec0wrowe<!--
80833bb9a1bf25dcf19e814438a4b311d2e1f4cffuankg - Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
a34684a59b60a4173c25035d0c627ef17e6dc215rpluem -
1337c7673efc1f80f634139fbad7cbb98a0dc657ylavic - Permission to use, copy, modify, and/or distribute this software for any
1337c7673efc1f80f634139fbad7cbb98a0dc657ylavic - purpose with or without fee is hereby granted, provided that the above
1337c7673efc1f80f634139fbad7cbb98a0dc657ylavic - copyright notice and this permission notice appear in all copies.
1337c7673efc1f80f634139fbad7cbb98a0dc657ylavic -
4da61833a1cbbca94094f9653fd970582b97a72etrawick - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
4da61833a1cbbca94094f9653fd970582b97a72etrawick - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
4da61833a1cbbca94094f9653fd970582b97a72etrawick - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
4da61833a1cbbca94094f9653fd970582b97a72etrawick - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
4da61833a1cbbca94094f9653fd970582b97a72etrawick - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
4789804be088bcd86ae637a29cdb7fda25169521jailletc - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
4789804be088bcd86ae637a29cdb7fda25169521jailletc - PERFORMANCE OF THIS SOFTWARE.
4789804be088bcd86ae637a29cdb7fda25169521jailletc-->
4789804be088bcd86ae637a29cdb7fda25169521jailletc
e50c3026198fd496f183cda4c32a202925476778covener<!-- $Id: dnssec-settime.html,v 1.11 2010/02/04 23:49:13 tbox Exp $ -->
e50c3026198fd496f183cda4c32a202925476778covener<html>
e50c3026198fd496f183cda4c32a202925476778covener<head>
5b88c8507d5ef6d0c4cfbc78230294968175b638minfrin<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
5b88c8507d5ef6d0c4cfbc78230294968175b638minfrin<title>dnssec-settime</title>
6c3b9cebb551140fbb25d58bae08b539b3802133ylavic<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
6c3b9cebb551140fbb25d58bae08b539b3802133ylavic</head>
6c3b9cebb551140fbb25d58bae08b539b3802133ylavic<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
4f29b65ab4b547ad5dbe506e2d0ff5d12ead9247ylavic<a name="man.dnssec-settime"></a><div class="titlepage"></div>
4f29b65ab4b547ad5dbe506e2d0ff5d12ead9247ylavic<div class="refnamediv">
0a0df13b7f1f4f1a74fe295253d89ca3911b301aylavic<h2>Name</h2>
0a0df13b7f1f4f1a74fe295253d89ca3911b301aylavic<p><span class="application">dnssec-settime</span> &#8212; Set the key timing metadata for a DNSSEC key</p>
0a0df13b7f1f4f1a74fe295253d89ca3911b301aylavic</div>
0a0df13b7f1f4f1a74fe295253d89ca3911b301aylavic<div class="refsynopsisdiv">
69301145375a889e7e37caf7cc7321ac0f91801erpluem<h2>Synopsis</h2>
69301145375a889e7e37caf7cc7321ac0f91801erpluem<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code> [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
69301145375a889e7e37caf7cc7321ac0f91801erpluem</div>
506bfe33206b2fece40ef25f695af39dd4130facjkaluza<div class="refsect1" lang="en">
506bfe33206b2fece40ef25f695af39dd4130facjkaluza<a name="id2543419"></a><h2>DESCRIPTION</h2>
506bfe33206b2fece40ef25f695af39dd4130facjkaluza<p><span><strong class="command">dnssec-settime</strong></span>
506bfe33206b2fece40ef25f695af39dd4130facjkaluza reads a DNSSEC private key file and sets the key timing metadata
d58a848a016d401b965111e50ef829e1641f7834minfrin as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
d58a848a016d401b965111e50ef829e1641f7834minfrin <code class="option">-R</code>, <code class="option">-I</code>, and <code class="option">-D</code>
d58a848a016d401b965111e50ef829e1641f7834minfrin options. The metadata can then be used by
2e6f4d654c96c98b761fb012fd25c5d5b1558c44sf <span><strong class="command">dnssec-signzone</strong></span> or other signing software to
2e6f4d654c96c98b761fb012fd25c5d5b1558c44sf determine when a key is to be published, whether it should be
2e6f4d654c96c98b761fb012fd25c5d5b1558c44sf used for signing a zone, etc.
17e6c95f3b22d18acdf8380fb26a8d0e10c80767ylavic </p>
17e6c95f3b22d18acdf8380fb26a8d0e10c80767ylavic<p>
17e6c95f3b22d18acdf8380fb26a8d0e10c80767ylavic If none of these options is set on the command line,
17e6c95f3b22d18acdf8380fb26a8d0e10c80767ylavic then <span><strong class="command">dnssec-settime</strong></span> simply prints the key timing
17e6c95f3b22d18acdf8380fb26a8d0e10c80767ylavic metadata already stored in the key.
e8bd80a4bb88199d2f9a24a50345688e52d9c116ylavic </p>
e8bd80a4bb88199d2f9a24a50345688e52d9c116ylavic<p>
e8bd80a4bb88199d2f9a24a50345688e52d9c116ylavic When key metadata fields are changed, both files of a key
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic pair (<code class="filename">Knnnn.+aaa+iiiii.key</code> and
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated.
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic Metadata fields are stored in the private file. A human-readable
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic description of the metadata is also placed in comments in the key
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic file.
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic </p>
330e16bea8fe9cace4de90c349750c03dfb1fe64ylavic</div>
d7205b1a86c51c27b71a2c458dc453fd53a261c1covener<div class="refsect1" lang="en">
d7205b1a86c51c27b71a2c458dc453fd53a261c1covener<a name="id2543467"></a><h2>OPTIONS</h2>
d7205b1a86c51c27b71a2c458dc453fd53a261c1covener<div class="variablelist"><dl>
d7205b1a86c51c27b71a2c458dc453fd53a261c1covener<dt><span class="term">-f</span></dt>
d7205b1a86c51c27b71a2c458dc453fd53a261c1covener<dd><p>
44ff304057225e944e220e981d434a046d14cf06covener Force an update of an old-format key with no metadata fields.
44ff304057225e944e220e981d434a046d14cf06covener Without this option, <span><strong class="command">dnssec-settime</strong></span> will
44ff304057225e944e220e981d434a046d14cf06covener fail when attempting to update a legacy key. With this option,
44ff304057225e944e220e981d434a046d14cf06covener the key will be recreated in the new format, but with the
5d1ba75b8794925e67591c209085a49279791de9covener original key data retained. The key's creation date will be
5d1ba75b8794925e67591c209085a49279791de9covener set to the present time.
5d1ba75b8794925e67591c209085a49279791de9covener </p></dd>
032982212dbcc7c3cce95bf89c503bb56e185ac7kbrand<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
032982212dbcc7c3cce95bf89c503bb56e185ac7kbrand<dd><p>
032982212dbcc7c3cce95bf89c503bb56e185ac7kbrand Sets the directory in which the key files are to reside.
032982212dbcc7c3cce95bf89c503bb56e185ac7kbrand </p></dd>
caad2986f81ab263f7af41467dd622dc9add17f3ylavic<dt><span class="term">-h</span></dt>
caad2986f81ab263f7af41467dd622dc9add17f3ylavic<dd><p>
caad2986f81ab263f7af41467dd622dc9add17f3ylavic Emit usage message and exit.
caad2986f81ab263f7af41467dd622dc9add17f3ylavic </p></dd>
45a10d38e6051fd7bdf9d742aaae633d97ff02abjailletc<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
f7317ff316c2b141feea31bddb74d5d3fa1584edjorton<dd><p>
f7317ff316c2b141feea31bddb74d5d3fa1584edjorton Sets the debugging level.
2165214331e4afafca4048f66f303d0253d7b001covener </p></dd>
a34684a59b60a4173c25035d0c627ef17e6dc215rpluem<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
a34684a59b60a4173c25035d0c627ef17e6dc215rpluem<dd><p>
1e2d421a36999d292042a5539971070d54aa6c63ylavic Use the given OpenSSL engine. When compiled with PKCS#11 support
1e2d421a36999d292042a5539971070d54aa6c63ylavic it defaults to pkcs11; the empty name resets it to no engine.
1e2d421a36999d292042a5539971070d54aa6c63ylavic </p></dd>
fa7ed98b9dc94c5845cf845aea0a44ecacd290c9humbedooh</dl></div>
fa7ed98b9dc94c5845cf845aea0a44ecacd290c9humbedooh</div>
fa7ed98b9dc94c5845cf845aea0a44ecacd290c9humbedooh<div class="refsect1" lang="en">
0b67eb8568cd58bb77082703951679b42cf098actrawick<a name="id2543559"></a><h2>TIMING OPTIONS</h2>
0b67eb8568cd58bb77082703951679b42cf098actrawick<p>
0b67eb8568cd58bb77082703951679b42cf098actrawick Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
0b67eb8568cd58bb77082703951679b42cf098actrawick If the argument begins with a '+' or '-', it is interpreted as
5ef3c61605a3a021ff71f488983cb0065f8e1a79covener an offset from the present time. For convenience, if such an offset
fb1985a97912b25ec6564c73e610a31e5fc6e25fcovener is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
09c87c777bed1655621bb20e1c46cb6b1a63279dcovener then the offset is computed in years (defined as 365 24-hour days,
6502b7b32f980cc2093bb3ebce37e5e4dc68fba4ylavic ignoring leap years), months (defined as 30 24-hour days), weeks,
6502b7b32f980cc2093bb3ebce37e5e4dc68fba4ylavic days, hours, or minutes, respectively. Without a suffix, the offset
3060ce7f798fbda7999cd4ddf89b525d2b294185covener is computed in seconds. To unset a date, use 'none'.
c1a63b8fad09c419c1a64f75993feb8a343a6801ylavic </p>
c1a63b8fad09c419c1a64f75993feb8a343a6801ylavic<div class="variablelist"><dl>
c1a63b8fad09c419c1a64f75993feb8a343a6801ylavic<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
e6b4bd1113567627ab6bb6c6a7105e1e01a7d889jailletc<dd><p>
e6b4bd1113567627ab6bb6c6a7105e1e01a7d889jailletc Sets the date on which a key is to be published to the zone.
e466c40e1801982602ee0200c9e8b61cc148742djailletc After that date, the key will be included in the zone but will
e466c40e1801982602ee0200c9e8b61cc148742djailletc not be used to sign it.
457468b82e59d01eba00dd9d0817309c8f5e414ejim </p></dd>
457468b82e59d01eba00dd9d0817309c8f5e414ejim<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
457468b82e59d01eba00dd9d0817309c8f5e414ejim<dd><p>
04983e3bd1754764eec7d6bb772fe3b0bf391771jorton Sets the date on which the key is to be activated. After that
04983e3bd1754764eec7d6bb772fe3b0bf391771jorton date, the key will be included in the zone and used to sign
15890c9306ba98f6fc243e15a3c4778ddc7d773erpluem it.
15660979a30d251681463de2e0584853890082accovener </p></dd>
15660979a30d251681463de2e0584853890082accovener<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
49dacedb6c387b786b7911082ff35121a45f414bcovener<dd><p>
49dacedb6c387b786b7911082ff35121a45f414bcovener Sets the date on which the key is to be revoked. After that
cfd9415521847b2f9394fad04fb701cfb955f503rjung date, the key will be flagged as revoked. It will be included
cfd9415521847b2f9394fad04fb701cfb955f503rjung in the zone and will be used to sign it.
cfd9415521847b2f9394fad04fb701cfb955f503rjung </p></dd>
28c31fb73c1264bd1d0ff932573677030b024c7dwrowe<dt><span class="term">-I <em class="replaceable"><code>date/offset</code></em></span></dt>
28c31fb73c1264bd1d0ff932573677030b024c7dwrowe<dd><p>
28c31fb73c1264bd1d0ff932573677030b024c7dwrowe Sets the date on which the key is to be retired. After that
28c31fb73c1264bd1d0ff932573677030b024c7dwrowe date, the key will still be included in the zone, but it
28c31fb73c1264bd1d0ff932573677030b024c7dwrowe will not be used to sign it.
8491e0600f69b0405e156ea8a419653c065c645bcovener </p></dd>
63b9f1f5880391261705f696d7d65507bbe9ace3covener<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
63b9f1f5880391261705f696d7d65507bbe9ace3covener<dd><p>
63b9f1f5880391261705f696d7d65507bbe9ace3covener Sets the date on which the key is to be deleted. After that
49dacedb6c387b786b7911082ff35121a45f414bcovener date, the key will no longer be included in the zone. (It
49dacedb6c387b786b7911082ff35121a45f414bcovener may remain in the key repository, however.)
49dacedb6c387b786b7911082ff35121a45f414bcovener </p></dd>
49dacedb6c387b786b7911082ff35121a45f414bcovener</dl></div>
3c990331fc6702119e4f5b8ba9eae3021aea5265jim</div>
3c990331fc6702119e4f5b8ba9eae3021aea5265jim<div class="refsect1" lang="en">
3c990331fc6702119e4f5b8ba9eae3021aea5265jim<a name="id2543657"></a><h2>PRINTING OPTIONS</h2>
3c990331fc6702119e4f5b8ba9eae3021aea5265jim<p>
fc42512879dd0504532f52fe5d0d0383dda96a1eniq <span><strong class="command">dnssec-settime</strong></span> can also be used to print the
fc42512879dd0504532f52fe5d0d0383dda96a1eniq timing metadata associated with a key.
fc42512879dd0504532f52fe5d0d0383dda96a1eniq </p>
0451df5dc50fa5d8b3e07d92ee6a92e36a1181a5niq<div class="variablelist"><dl>
0451df5dc50fa5d8b3e07d92ee6a92e36a1181a5niq<dt><span class="term">-u</span></dt>
0451df5dc50fa5d8b3e07d92ee6a92e36a1181a5niq<dd><p>
da0442c0440caef34706e2c2f3af05cb65921cc0jailletc Print times in UNIX epoch format.
983528026996668ea295be95aedb9c7a346af470ylavic </p></dd>
da0442c0440caef34706e2c2f3af05cb65921cc0jailletc<dt><span class="term">-p <em class="replaceable"><code>C/P/A/R/U/D/all</code></em></span></dt>
da0442c0440caef34706e2c2f3af05cb65921cc0jailletc<dd><p>
06b8f183140c8e02e0974e938a05078b511d1603covener Print a specific metadata value or set of metadata values.
06b8f183140c8e02e0974e938a05078b511d1603covener The <code class="option">-p</code> option may be followed by one or more
06b8f183140c8e02e0974e938a05078b511d1603covener of the following letters to indicate which value or values to print:
15890c9306ba98f6fc243e15a3c4778ddc7d773erpluem <code class="option">C</code> for the creation date,
259878293a997ff49f5ddfc53d3739cbdc25444ecovener <code class="option">P</code> for the publication date,
259878293a997ff49f5ddfc53d3739cbdc25444ecovener <code class="option">A</code> for the activation date,
259878293a997ff49f5ddfc53d3739cbdc25444ecovener <code class="option">R</code> for the revocation date,
259878293a997ff49f5ddfc53d3739cbdc25444ecovener <code class="option">U</code> for the unpublication date, or
15890c9306ba98f6fc243e15a3c4778ddc7d773erpluem <code class="option">D</code> for the deletion date.
b54b024c06a19926832d77d40ba35ad8c41e4d3dminfrin To print all of the metadata, use <code class="option">-p all</code>.
b54b024c06a19926832d77d40ba35ad8c41e4d3dminfrin </p></dd>
b54b024c06a19926832d77d40ba35ad8c41e4d3dminfrin</dl></div>
65967d05f839dbf27cf91d91fa79585eeae19660minfrin</div>
65967d05f839dbf27cf91d91fa79585eeae19660minfrin<div class="refsect1" lang="en">
65967d05f839dbf27cf91d91fa79585eeae19660minfrin<a name="id2543735"></a><h2>SEE ALSO</h2>
65967d05f839dbf27cf91d91fa79585eeae19660minfrin<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
8152945ae46857b170cb227e79bb799f4fc7710dminfrin <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
8152945ae46857b170cb227e79bb799f4fc7710dminfrin <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
8152945ae46857b170cb227e79bb799f4fc7710dminfrin <em class="citetitle">RFC 5011</em>.
8152945ae46857b170cb227e79bb799f4fc7710dminfrin </p>
75f5c2db254c0167a0e396254460de09b775d203trawick</div>
75f5c2db254c0167a0e396254460de09b775d203trawick<div class="refsect1" lang="en">
75f5c2db254c0167a0e396254460de09b775d203trawick<a name="id2543768"></a><h2>AUTHOR</h2>
4f0358189bfa57b8e75bd6b94db264302a8f336amrumph<p><span class="corpauthor">Internet Systems Consortium</span>
4f0358189bfa57b8e75bd6b94db264302a8f336amrumph </p>
4f0358189bfa57b8e75bd6b94db264302a8f336amrumph</div>
5716f9c6daa92dde5f2f9d11ed63f7c9549c223atrawick</div></body>
5716f9c6daa92dde5f2f9d11ed63f7c9549c223atrawick</html>
5716f9c6daa92dde5f2f9d11ed63f7c9549c223atrawick