dnssec-signkey.docbook revision c651f15b30f1dae5cc2f00878fb5da5b3a35a468
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN">
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync - Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync - Permission to use, copy, modify, and distribute this software for any
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync - purpose with or without fee is hereby granted, provided that the above
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync - copyright notice and this permission notice appear in all copies.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync - PERFORMANCE OF THIS SOFTWARE.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync<!-- $Id: dnssec-signkey.docbook,v 1.6 2005/04/07 03:49:56 marka Exp $ -->
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <refentryinfo>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </refentryinfo>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <refentrytitle><application>dnssec-signkey</application></refentrytitle>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <refnamediv>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <refname><application>dnssec-signkey</application></refname>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <refpurpose>DNSSEC key set signing tool</refpurpose>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </refnamediv>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <refsynopsisdiv>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <cmdsynopsis>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </cmdsynopsis>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </refsynopsisdiv>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <command>dnssec-signkey</command> signs a keyset. Typically
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync the keyset will be for a child zone, and will have been generated
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync by <command>dnssec-makekeyset</command>. The child zone's keyset
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync is signed with the zone keys for its parent zone. The output file
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync is of the form <filename>signedkey-nnnn.</filename>, where
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </refsect1>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <variablelist>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync Verify all generated signatures.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </listitem>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <term>-c <replaceable class="parameter">class</replaceable></term>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync Specifies the DNS class of the key sets.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </listitem>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <term>-s <replaceable class="parameter">start-time</replaceable></term>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync Specify the date and time when the generated SIG records
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync become valid. This can be either an absolute or relative
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync time. An absolute start time is indicated by a number
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync in YYYYMMDDHHMMSS notation; 20000530144500 denotes
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync 14:45:00 UTC on May 30th, 2000. A relative start time is
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync indicated by +N, which is N seconds from the current time.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync If no <option>start-time</option> is specified, the current
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync time is used.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </listitem>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <term>-e <replaceable class="parameter">end-time</replaceable></term>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync Specify the date and time when the generated SIG records
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync expire. As with <option>start-time</option>, an absolute
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync time is indicated in YYYYMMDDHHMMSS notation. A time relative
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync to the start time is indicated with +N, which is N seconds from
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync the start time. A time relative to the current time is
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync indicated with now+N. If no <option>end-time</option> is
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync specified, 30 days from the start time is used as a default.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </listitem>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync Prints a short summary of the options and arguments to
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </listitem>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync Use pseudo-random data when signing the zone. This is faster,
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync but less secure, than using real random data. This option
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync may be useful when signing large zones or when the entropy
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync source is limited.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </listitem>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <term>-r <replaceable class="parameter">randomdev</replaceable></term>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync Specifies the source of randomness. If the operating
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync system does not provide a <filename>/dev/random</filename>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync or equivalent device, the default source of randomness
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync is keyboard input. <filename>randomdev</filename> specifies
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync the name of a character device or file containing random
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync data to be used instead of the default. The special value
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <filename>keyboard</filename> indicates that keyboard
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync input should be used.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </listitem>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <term>-v <replaceable class="parameter">level</replaceable></term>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync Sets the debugging level.
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </listitem>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync </varlistentry>
1b33c96954667ba382fa595baf7b31290bfdd517vboxsync <varlistentry>