bin/dnssec/dnssec-signkey.html

	dnssec-signkey.html revision c651f15b30f1dae5cc2f00878fb5da5b3a35a468
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User<!--
6fe48fb46e53ffc37542853a1edb74cb481b7d94Automatic Updater - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
c78c39caab4cf8b5daefc9c65878f7f5ed3eb7a0Tinderbox User - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
f536382c59dd492a14667b753816d920f9981f1cTinderbox User -
ab496cc3df1648e9ad992a87c35c2c0870fdc69dTinderbox User - Permission to use, copy, modify, and distribute this software for any
7c1468ed500356839a4a222517364e6ce18cb1a2Tinderbox User - purpose with or without fee is hereby granted, provided that the above
c57668a2fbbe558c1bd21652813616f2f517c469Tinderbox User - copyright notice and this permission notice appear in all copies.
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews -
287a6a8f9040dc43560cd69cddf83bfc0f53b76fTinderbox User - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
8de3f14f1c300c3e1ed99084cc03485b42c92bf1Tinderbox User - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox User - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews - PERFORMANCE OF THIS SOFTWARE.
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews-->
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews<!-- $Id: dnssec-signkey.html,v 1.6 2005/04/07 03:49:56 marka Exp $ -->
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<HTML
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews><HEAD
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews><TITLE
e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews>dnssec-signkey</TITLE
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews><META
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserNAME="GENERATOR"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCONTENT="Modular DocBook HTML Stylesheet Version 1.61
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User"></HEAD
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><BODY
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCLASS="REFENTRY"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsBGCOLOR="#FFFFFF"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserTEXT="#000000"
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark AndrewsLINK="#0000FF"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsVLINK="#840084"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserALINK="#0000FF"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><H1
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User><A
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsNAME="AEN1"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User><SPAN
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="APPLICATION"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>dnssec-signkey</SPAN
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></A
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User></H1
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews><DIV
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan HuntCLASS="REFNAMEDIV"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User><A
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox UserNAME="AEN9"
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt></A
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater><H2
16f6050f29b6b0422cee858e609f65e474e70ef2Tinderbox User>Name</H2
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater><SPAN
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan HuntCLASS="APPLICATION"
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User>dnssec-signkey</SPAN
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User>&nbsp;--&nbsp;DNSSEC key set signing tool</DIV
aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt><DIV
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox UserCLASS="REFSYNOPSISDIV"
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater><A
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic UpdaterNAME="AEN13"
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater></A
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><H2
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater>Synopsis</H2
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><P
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="COMMAND"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>dnssec-signkey</B
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater>  [<TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="OPTION"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>-a</TT
16f6050f29b6b0422cee858e609f65e474e70ef2Tinderbox User>] [<TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="OPTION"
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater>-c <TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="REPLACEABLE"
eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews><I
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>class</I
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>] [<TT
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox UserCLASS="OPTION"
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt>-s <TT
2ae159b376dac23870d8005563c585acf85a4b5aEvan HuntCLASS="REPLACEABLE"
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User><I
95637507c3d47481fbf0a8a8c750a57f944f677fMark Andrews>start-time</I
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt></TT
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt></TT
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt>] [<TT
2ae159b376dac23870d8005563c585acf85a4b5aEvan HuntCLASS="OPTION"
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt>-e <TT
2ae159b376dac23870d8005563c585acf85a4b5aEvan HuntCLASS="REPLACEABLE"
2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt><I
7cc0a5d21ef046bfd630c4769943d896a7d7472cTinderbox User>end-time</I
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews></TT
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews></TT
ee11dfc481f2ef6a032a715454f6290961a722d2Tinderbox User>] [<TT
ee11dfc481f2ef6a032a715454f6290961a722d2Tinderbox UserCLASS="OPTION"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews>-h</TT
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User>] [<TT
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="OPTION"
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User>-p</TT
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User>] [<TT
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="OPTION"
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User>-r <TT
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="REPLACEABLE"
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User><I
77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox User>randomdev</I
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews></TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User></TT
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson>] [<TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCLASS="OPTION"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>-v <TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCLASS="REPLACEABLE"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><I
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>level</I
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews></TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>] {keyset} {key...}</P
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></DIV
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User><DIV
91216cff91b34c9ff6e846dc23f248219cafe660Andreas GustafssonCLASS="REFSECT1"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User><A
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsNAME="AEN39"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User></A
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><H2
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>DESCRIPTION</H2
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson><P
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>        <B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="COMMAND"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>dnssec-signkey</B
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews> signs a keyset.  Typically
28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews	the keyset will be for a child zone, and will have been generated
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews	by <B
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark AndrewsCLASS="COMMAND"
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User>dnssec-makekeyset</B
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User>.  The child zone's keyset
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews	is signed with the zone keys for its parent zone.  The output file
fd972434c29fc1169d66594e4cc7697d33036c2bTinderbox User	is of the form <TT
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox UserCLASS="FILENAME"
37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User>signedkey-nnnn.</TT
fd972434c29fc1169d66594e4cc7697d33036c2bTinderbox User>, where
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont	<TT
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox UserCLASS="FILENAME"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>nnnn</TT
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont> is the zone name.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    </P
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User></DIV
5747235bf35e7398984fd6b4632743396895ea7aTinderbox User><DIV
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="REFSECT1"
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews><A
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark AndrewsNAME="AEN46"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews></A
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews><H2
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews>OPTIONS</H2
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User><P
5747235bf35e7398984fd6b4632743396895ea7aTinderbox User></P
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews><DIV
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="VARIABLELIST"
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User><DL
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews><DT
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews>-a</DT
e20788e1216ed720aefa84f3295f7899d9f28c22Mark Andrews><DD
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User><P
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>	      Verify all generated signatures.
01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews	  </P
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User></DD
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User><DT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>-c <TT
cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic UpdaterCLASS="REPLACEABLE"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><I
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>class</I
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User></DT
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater><DD
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User><P
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>	       Specifies the DNS class of the key sets.
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User	  </P
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></DD
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User><DT
fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox User>-s <TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCLASS="REPLACEABLE"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><I
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>start-time</I
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User></DT
fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater><DD
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User><P
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>	       Specify the date and time when the generated SIG records
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User	       become valid.  This can be either an absolute or relative
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews	       time.  An absolute start time is indicated by a number
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User	       in YYYYMMDDHHMMSS notation; 20000530144500 denotes
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson	       14:45:00 UTC on May 30th, 2000.  A relative start time is
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User	       indicated by +N, which is N seconds from the current time.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews	       If no <TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCLASS="OPTION"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>start-time</TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User> is specified, the current
dd65eb1efb40b1c47d57963192bfc54873b219beAutomatic Updater	       time is used.
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User	  </P
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></DD
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User><DT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>-e <TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCLASS="REPLACEABLE"
133e6d43fa82e80d3798be4de00f4540f485ec6cAutomatic Updater><I
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>end-time</I
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User></DT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><DD
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User><P
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson>	       Specify the date and time when the generated SIG records
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User	       expire.  As with <TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="OPTION"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>start-time</TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>, an absolute
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User	       time is indicated in YYYYMMDDHHMMSS notation.  A time relative
5f7586ddbd3edd11272cdd30ed613d936129328bTinderbox User	       to the start time is indicated with +N, which is N seconds from
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User	       the start time.  A time realtive to the current time is
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews	       indicated with now+N.  If no <TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox UserCLASS="OPTION"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>end-time</TT
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User> is
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews	       specified, 30 days from the start time is used as a default.
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews	  </P
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews></DD
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User><DT
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User>-h</DT
bac4435d473c9a0281507524f084480c34aa942aTinderbox User><DD
933799f3641f4f78445d015008bad0038900a82aTinderbox User><P
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User>	       Prints a short summary of the options and arguments to
a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews	       <B
7ca715ad1587a68a531ea1cdea07515d7232567eTinderbox UserCLASS="COMMAND"
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox User>dnssec-signkey</B
8711e5c73ca872d59810760af0332194cbdd619bAutomatic Updater>.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater	  </P
bac4435d473c9a0281507524f084480c34aa942aTinderbox User></DD
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews><DT
933799f3641f4f78445d015008bad0038900a82aTinderbox User>-p</DT
8e5fce1f9ceba17dd7e3ff0eb287e1e999c14249Mark Andrews><DD
933799f3641f4f78445d015008bad0038900a82aTinderbox User><P
4151211e6649332f7b5a55870cbe37128bcc7b29Tinderbox User>	       Use pseudo-random data when signing the zone.  This is faster,
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews	       but less secure, than using real random data.  This option
bc0a53583d92309bebcf93c408e2f3247ebd3d3cAutomatic Updater	       may be useful when signing large zones or when the entropy
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater	       source is limited.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater	  </P
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater></DD
b02be031b9ff37b042adc8e68e36b8bbc1f672b7Tinderbox User><DT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>-r <TT
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox UserCLASS="REPLACEABLE"
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater><I
3ec8f7777ea2b04fc1ebb63077f0916f63b1011aTinderbox User>randomdev</I
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User></TT
b02be031b9ff37b042adc8e68e36b8bbc1f672b7Tinderbox User></DT
933799f3641f4f78445d015008bad0038900a82aTinderbox User><DD
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater><P
19b3dc94bce93fa76bd7e066f9298630dbc9dcb4Automatic Updater>	       Specifies the source of randomness.  If the operating
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater	       system does not provide a <TT
9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic UpdaterCLASS="FILENAME"
7f94d9a8162c9a96b56e66176702b66e79d8e1a2Automatic Updater>/dev/random</TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater>
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater	       or equivalent device, the default source of randomness
bac4435d473c9a0281507524f084480c34aa942aTinderbox User	       is keyboard input.  <TT
39ae0eafed076ef769fef5c18b22a8051df5c93aTinderbox UserCLASS="FILENAME"
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews>randomdev</TT
c2abd6efeb9affa70aabb63da2acb23e135cf7f2Mark Andrews> specifies
e21f41f6504b3381be86cbe7f457f9ee1fff947bTinderbox User	       the name of a character device or file containing random
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User	       data to be used instead of the default.  The special value
96ea71632887c58a9d00f47eb318bf76b35903c3Mark Andrews	       <TT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic UpdaterCLASS="FILENAME"
9cd5eb6fe0f26d65724b99216cb31dcdd12e4afdAutomatic Updater>keyboard</TT
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User> indicates that keyboard
dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User	       input should be used.
4cda4fd158d6ded5586bacea8c388445d99611eaAutomatic Updater	  </P
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews></DD
b02be031b9ff37b042adc8e68e36b8bbc1f672b7Tinderbox User><DT
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User>-v <TT
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark AndrewsCLASS="REPLACEABLE"
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater><I
e08cdffb3ae4ad409f37e3e5a218fe4b7e0e3904Tinderbox User>level</I
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews></TT
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews></DT
bac4435d473c9a0281507524f084480c34aa942aTinderbox User><DD
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews><P
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox User>	       Sets the debugging level.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews	  </P
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater></DD
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User><DT
933799f3641f4f78445d015008bad0038900a82aTinderbox User>keyset</DT
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater><DD
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User><P
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>	        The file containing the child's keyset.
da59e63e7af147a8bcef985b98b04443e04c3a0eTinderbox User	  </P
710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User></DD
757ff043760e4743dda1a10e7d58349275934902Tinderbox User><DT
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews>key</DT
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews><DD
a03cb08d0c4f1ca5fbc121d2f02bdffa7eb52286Mark Andrews><P
757ff043760e4743dda1a10e7d58349275934902Tinderbox User>	        The keys used to sign the child's keyset.
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater	  </P
ae454ec746d1d4db8d04e107d4d25ff13158c37fMark Andrews></DD
1bcc3273a80c256f11d9098a00ba2c041939e233Mark Andrews></DL
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson></DIV
1bcc3273a80c256f11d9098a00ba2c041939e233Mark Andrews></DIV
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><DIV
1bcc3273a80c256f11d9098a00ba2c041939e233Mark AndrewsCLASS="REFSECT1"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><A
ba8b771c371967dd1254c7fa82ebe4158ee04b24Tinderbox UserNAME="AEN101"
bac4435d473c9a0281507524f084480c34aa942aTinderbox User></A
f520803b46dc189fdaf84adc87ef327d3587b435Mark Andrews><H2
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User>EXAMPLE</H2
b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User><P
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>        The DNS administrator for a DNSSEC-aware <TT
3857cb6fcabeb79d85de4b3e3e4ab99912b701f8Mark AndrewsCLASS="USERINPUT"
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User><B
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User>.com</B
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews></TT
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson	zone would use the following command to sign the
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User	<TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="FILENAME"
9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User>keyset</TT
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews> file for <TT
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox UserCLASS="USERINPUT"
ebdf202f2198158ab4d30f22c370a9c63760d071Tinderbox User><B
8292deab031e7599cd7622aa7675fbe139ca6095Mark Andrews>example.com</B
caaff35375fba833f156f952aeca689e5bc7cddfFrancis Dupont></TT
caaff35375fba833f156f952aeca689e5bc7cddfFrancis Dupont>
caaff35375fba833f156f952aeca689e5bc7cddfFrancis Dupont	created by <B
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark AndrewsCLASS="COMMAND"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>dnssec-makekeyset</B
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> with a key generated
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews	by <B
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark AndrewsCLASS="COMMAND"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>dnssec-keygen</B
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>:
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews    </P
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews><P
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>        <TT
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox UserCLASS="USERINPUT"
78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews><B
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>dnssec-signkey keyset-example.com. Kcom.+003+51944</B
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews></TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews    </P
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews><P
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater>        In this example, <B
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="COMMAND"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>dnssec-signkey</B
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> creates
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews	the file <TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="FILENAME"
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater>signedkey-example.com.</TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>, which
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews	contains the <TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="USERINPUT"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><B
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>example.com</B
e8fc8c884b44371784805e1e0d3100da403dd3f1Automatic Updater></TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> keys and the
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews	signatures by the <TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark AndrewsCLASS="USERINPUT"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><B
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>.com</B
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews></TT
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews> keys.
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews    </P
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews></DIV
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews><DIV
b30ec46fec40a1b246f7965fbcd341fc6cfd1cc1Mark AndrewsCLASS="REFSECT1"
39cad8fb7d7ff3436bb24ce761354afcb80d295aMark Andrews><A
c5a97a549c89d562e999d4f906b882c5a2a474e1Tinderbox UserNAME="AEN116"
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User></A
01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews><H2
95c3a5e116c1da135f669c3f15398172fac6279dMark Andrews>SEE ALSO</H2
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox User><P
d585233c52e283d9a8849f16f04f452419a2484eTinderbox User>      <SPAN
d7d105151a78d35afb4233d2a6dbd47b7ec0d9a5Tinderbox UserCLASS="CITEREFENTRY"
e64202536ea72d8f371dd0df9fc763f8d70bf886Tinderbox User><SPAN
015055b6e23f5c08f6a5b34726f90b62597e9e45Tinderbox UserCLASS="REFENTRYTITLE"
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews>dnssec-keygen</SPAN
59528addd704f8d5757b54e540520f74e588a7c7Automatic Updater>(8)</SPAN
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews>,
e40c4e4c17d4df338e2a7db0f84d8dbb3858964cTinderbox User      <SPAN
757ff043760e4743dda1a10e7d58349275934902Tinderbox UserCLASS="CITEREFENTRY"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews><SPAN
0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox UserCLASS="REFENTRYTITLE"
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews>dnssec-makekeyset</SPAN
933799f3641f4f78445d015008bad0038900a82aTinderbox User>(8)</SPAN
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews>,
ce9cad6bb04869c5e94d9dc721032b25117f9210Automatic Updater      <SPAN
7f79131f9a8e804b93c57f3c679065cce878b726Automatic UpdaterCLASS="CITEREFENTRY"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><SPAN
91216cff91b34c9ff6e846dc23f248219cafe660Andreas GustafssonCLASS="REFENTRYTITLE"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>dnssec-signzone</SPAN
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>(8)</SPAN
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>.
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews    </P
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></DIV
efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews><DIV
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsCLASS="REFSECT1"
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews><A
0eb371ca0dab50ae3462e98794a6126198c52f4bMark AndrewsNAME="AEN128"
3a988722ad9e209ba4064604d482dc4efe0e19ebTinderbox User></A
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington><H2
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington>AUTHOR</H2
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews><P
91d187ce035f39073f0732ff2a401a45c3c955fbMark Andrews>        Internet Software Consortium
dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews    </P
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></DIV
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></BODY
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews></HTML
0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews>