50066670817cdf9e86c832066d73715232b29680Tinderbox User<html>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<head>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<title>dnssec-importkey</title>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">

14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">

50066670817cdf9e86c832066d73715232b29680Tinderbox User</head>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<div class="navheader">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<table width="100%" summary="Navigation header">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<tr><th colspan="3" align="center"><span class="application">dnssec-importkey</span></th></tr>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<tr>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<td width="20%" align="left">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<th width="60%" align="center">Manual pages</th>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</td>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</tr>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</table>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<hr>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refentry">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<a name="man.dnssec-importkey"></a><div class="titlepage"></div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refnamediv">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<h2>Name</h2>

dec590a3deb8e87380a8bd3a77d535dba3729bf6Tinderbox User<p><span class="application">dnssec-importkey</span> &#8212; import DNSKEY records from external systems so they can be managed</p>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refsynopsisdiv">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<h2>Synopsis</h2>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-P sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-P sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refsection">

1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<a name="id-1.14.9.7"></a><h2>DESCRIPTION</h2>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p><span class="command"><strong>dnssec-importkey</strong></span>

50066670817cdf9e86c832066d73715232b29680Tinderbox User reads a public DNSKEY record and generates a pair of

50066670817cdf9e86c832066d73715232b29680Tinderbox User .key/.private files. The DNSKEY record may be read from an

50066670817cdf9e86c832066d73715232b29680Tinderbox User existing .key file, in which case a corresponding .private file

50066670817cdf9e86c832066d73715232b29680Tinderbox User will be generated, or it may be read from any other file or

50066670817cdf9e86c832066d73715232b29680Tinderbox User from the standard input, in which case both .key and .private

50066670817cdf9e86c832066d73715232b29680Tinderbox User files will be generated.

50066670817cdf9e86c832066d73715232b29680Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>

50066670817cdf9e86c832066d73715232b29680Tinderbox User The newly-created .private file does <span class="emphasis"><em>not</em></span>

50066670817cdf9e86c832066d73715232b29680Tinderbox User contain private key data, and cannot be used for signing.

50066670817cdf9e86c832066d73715232b29680Tinderbox User However, having a .private file makes it possible to set

50066670817cdf9e86c832066d73715232b29680Tinderbox User publication (<code class="option">-P</code>) and deletion

50066670817cdf9e86c832066d73715232b29680Tinderbox User (<code class="option">-D</code>) times for the key, which means the

50066670817cdf9e86c832066d73715232b29680Tinderbox User public key can be added to and removed from the DNSKEY RRset

50066670817cdf9e86c832066d73715232b29680Tinderbox User on schedule even if the true private key is stored offline.

50066670817cdf9e86c832066d73715232b29680Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refsection">

1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<a name="id-1.14.9.8"></a><h2>OPTIONS</h2>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="variablelist"><dl class="variablelist">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<dd>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Zone file mode: instead of a public keyfile name, the argument

50066670817cdf9e86c832066d73715232b29680Tinderbox User is the DNS domain name of a zone master file, which can be read

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User from <code class="option">file</code>. If the domain name is the same as

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User <code class="option">file</code>, then it may be omitted.

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User If <code class="option">file</code> is set to <code class="literal">"-"</code>, then

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User the zone data is read from the standard input.

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</dd>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dd><p>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Sets the directory in which the key files are to reside.

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dd><p>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Sets the default TTL to use for this key when it is converted

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User into a DNSKEY RR. If the key is imported into a zone,

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User this is the TTL that will be used for it, unless there was

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User already a DNSKEY RRset in place, in which case the existing TTL

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User would take precedence. Setting the default TTL to

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User <code class="literal">0</code> or <code class="literal">none</code> removes it.

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<dt><span class="term">-h</span></dt>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dd><p>

50066670817cdf9e86c832066d73715232b29680Tinderbox User Emit usage message and exit.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></dd>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dd><p>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Sets the debugging level.

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>

6f1205897504b8f50b1785975482c995888dd630Tinderbox User<dt><span class="term">-V</span></dt>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dd><p>

6f1205897504b8f50b1785975482c995888dd630Tinderbox User Prints version information.

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></dd>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</dl></div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refsection">

1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<a name="id-1.14.9.9"></a><h2>TIMING OPTIONS</h2>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>

50066670817cdf9e86c832066d73715232b29680Tinderbox User Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.

50066670817cdf9e86c832066d73715232b29680Tinderbox User If the argument begins with a '+' or '-', it is interpreted as

50066670817cdf9e86c832066d73715232b29680Tinderbox User an offset from the present time. For convenience, if such an offset

50066670817cdf9e86c832066d73715232b29680Tinderbox User is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',

50066670817cdf9e86c832066d73715232b29680Tinderbox User then the offset is computed in years (defined as 365 24-hour days,

50066670817cdf9e86c832066d73715232b29680Tinderbox User ignoring leap years), months (defined as 30 24-hour days), weeks,

50066670817cdf9e86c832066d73715232b29680Tinderbox User days, hours, or minutes, respectively. Without a suffix, the offset

50066670817cdf9e86c832066d73715232b29680Tinderbox User is computed in seconds. To explicitly prevent a date from being

50066670817cdf9e86c832066d73715232b29680Tinderbox User set, use 'none' or 'never'.

50066670817cdf9e86c832066d73715232b29680Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="variablelist"><dl class="variablelist">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dd><p>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Sets the date on which a key is to be published to the zone.

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User After that date, the key will be included in the zone but will

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User not be used to sign it.

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-P sync <em class="replaceable"><code>date/offset</code></em></span></dt>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Sets the date on which CDS and CDNSKEY records that match this

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User key are to be published to the zone.

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dd><p>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Sets the date on which the key is to be deleted. After that

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User date, the key will no longer be included in the zone. (It

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User may remain in the key repository, however.)

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-D sync <em class="replaceable"><code>date/offset</code></em></span></dt>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Sets the date on which the CDS and CDNSKEY records that match

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User this key are to be deleted.

e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</dl></div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refsection">

1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<a name="id-1.14.9.10"></a><h2>FILES</h2>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>

50066670817cdf9e86c832066d73715232b29680Tinderbox User A keyfile can be designed by the key identification

50066670817cdf9e86c832066d73715232b29680Tinderbox User <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name

50066670817cdf9e86c832066d73715232b29680Tinderbox User <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by

50066670817cdf9e86c832066d73715232b29680Tinderbox User <span class="refentrytitle">dnssec-keygen</span>(8).

50066670817cdf9e86c832066d73715232b29680Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refsection">

1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<a name="id-1.14.9.11"></a><h2>SEE ALSO</h2>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,

50066670817cdf9e86c832066d73715232b29680Tinderbox User <em class="citetitle">BIND 9 Administrator Reference Manual</em>,

50066670817cdf9e86c832066d73715232b29680Tinderbox User <em class="citetitle">RFC 5011</em>.

50066670817cdf9e86c832066d73715232b29680Tinderbox User </p>

fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</div>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<div class="navfooter">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<hr>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<table width="100%" summary="Navigation footer">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<tr>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<td width="40%" align="left">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>

cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</td>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</tr>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<tr>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<td width="40%" align="left" valign="top">

50066670817cdf9e86c832066d73715232b29680Tinderbox User<span class="application">dnssec-dsfromkey</span>�</td>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

50066670817cdf9e86c832066d73715232b29680Tinderbox User<td width="40%" align="right" valign="top">�<span class="application">dnssec-keyfromlabel</span>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</td>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</tr>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</table>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</div>

5f0c46ca5f68c2148c735aa52d7541baac249c34Tinderbox User<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0b3</p>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</body>

50066670817cdf9e86c832066d73715232b29680Tinderbox User</html>