a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews<html>

1f4c645185bd8fc70048e0a69eee46193a284e5cTinderbox User<head>

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

8de3f14f1c300c3e1ed99084cc03485b42c92bf1Tinderbox User<title>dnssec-importkey</title>

950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox User<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">

b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">

e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">

e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews</head>

a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

a7c412f37cc73d0332887a746e81220cbf09dd00Mark Andrews<div class="navheader">

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<table width="100%" summary="Navigation header">

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<tr><th colspan="3" align="center"><span class="application">dnssec-importkey</span></th></tr>

e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews<tr>

e676a596869d8a80a644c99a848afb53d1c5975eMark Andrews<td width="20%" align="left">

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<th width="60%" align="center">Manual pages</th>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User</td>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</tr>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User</table>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<hr>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User</div>

efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews<div class="refentry">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<a name="man.dnssec-importkey"></a><div class="titlepage"></div>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<div class="refnamediv">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<h2>Name</h2>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<p><span class="application">dnssec-importkey</span> &#8212; import DNSKEY records from external systems so they can be managed</p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</div>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<div class="refsynopsisdiv">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<h2>Synopsis</h2>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-P sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-P sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D sync <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>

b886b04d8d2b085cbf3e1bf4442dee87f43ba5e4Tinderbox User</div>

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<div class="refsection">

aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt<a name="id-1.14.9.7"></a><h2>DESCRIPTION</h2>

dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User<p><span class="command"><strong>dnssec-importkey</strong></span>

0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User reads a public DNSKEY record and generates a pair of

aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt .key/.private files. The DNSKEY record may be read from an

9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater existing .key file, in which case a corresponding .private file

16f6050f29b6b0422cee858e609f65e474e70ef2Tinderbox User will be generated, or it may be read from any other file or

9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater from the standard input, in which case both .key and .private

aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt files will be generated.

dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User </p>

0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User<p>

aa9c561961e9d877946ebaa8795fa2be054ab7bfEvan Hunt The newly-created .private file does <span class="emphasis"><em>not</em></span>

710bce1a85c96e85ca1a90471382055acd29d51fTinderbox User contain private key data, and cannot be used for signing.

9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater However, having a .private file makes it possible to set

9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater publication (<code class="option">-P</code>) and deletion

9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater (<code class="option">-D</code>) times for the key, which means the

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews public key can be added to and removed from the DNSKEY RRset

cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater on schedule even if the true private key is stored offline.

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews </p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</div>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<div class="refsection">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<a name="id-1.14.9.8"></a><h2>OPTIONS</h2>

9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater<div class="variablelist"><dl class="variablelist">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dd>

16f6050f29b6b0422cee858e609f65e474e70ef2Tinderbox User<p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews Zone file mode: instead of a public keyfile name, the argument

9513a2a6670951f5cf5477fcfec9f933fcaff628Automatic Updater is the DNS domain name of a zone master file, which can be read

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews from <code class="option">file</code>. If the domain name is the same as

eabc9c3c07cd956d3c436bd7614cb162dabdda76Mark Andrews <code class="option">file</code>, then it may be omitted.

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews </p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews If <code class="option">file</code> is set to <code class="literal">"-"</code>, then

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews the zone data is read from the standard input.

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt </p>

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt</dd>

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>

95637507c3d47481fbf0a8a8c750a57f944f677fMark Andrews<dd><p>

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt Sets the directory in which the key files are to reside.

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt </p></dd>

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt<dd><p>

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt Sets the default TTL to use for this key when it is converted

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt into a DNSKEY RR. If the key is imported into a zone,

2ae159b376dac23870d8005563c585acf85a4b5aEvan Hunt this is the TTL that will be used for it, unless there was

7cc0a5d21ef046bfd630c4769943d896a7d7472cTinderbox User already a DNSKEY RRset in place, in which case the existing TTL

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews would take precedence. Setting the default TTL to

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <code class="literal">0</code> or <code class="literal">none</code> removes it.

950d203b64f512b85fcc093ee1e9e3e531a1aea3Tinderbox User </p></dd>

27739dd25026283c24645c8a1044b95ef9eb5ac6Tinderbox User<dt><span class="term">-h</span></dt>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dd><p>

18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox User Emit usage message and exit.

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews </p></dd>

7a6494cfb6cc7d3f67af07359561e05e6bb8c0edTinderbox User<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>

0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User<dd><p>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews Sets the debugging level.

18920d790825d96ca3943aa2dcb6eb80dc611c5fTinderbox User </p></dd>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dt><span class="term">-V</span></dt>

7a6494cfb6cc7d3f67af07359561e05e6bb8c0edTinderbox User<dd><p>

77932ac533c711eca5cd86de4e7eca8d91102b43Tinderbox User Prints version information.

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews </p></dd>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User</dl></div>

91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson</div>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<div class="refsection">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<a name="id-1.14.9.9"></a><h2>TIMING OPTIONS</h2>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<p>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User If the argument begins with a '+' or '-', it is interpreted as

efb0e886f18894a1d2489f1ad74ad14b579e11c7Mark Andrews an offset from the present time. For convenience, if such an offset

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User then the offset is computed in years (defined as 365 24-hour days,

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews ignoring leap years), months (defined as 30 24-hour days), weeks,

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User days, hours, or minutes, respectively. Without a suffix, the offset

91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson is computed in seconds. To explicitly prevent a date from being

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User set, use 'none' or 'never'.

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews </p>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<div class="variablelist"><dl class="variablelist">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<dd><p>

91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson Sets the date on which a key is to be published to the zone.

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User After that date, the key will be included in the zone but will

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews not be used to sign it.

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User </p></dd>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<dt><span class="term">-P sync <em class="replaceable"><code>date/offset</code></em></span></dt>

28a5dd720187fddb16055a0f64b63a7b66f29f64Mark Andrews<dd><p>

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews Sets the date on which CDS and CDNSKEY records that match this

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews key are to be published to the zone.

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews </p></dd>

0e573cdd111e060e5f6c18249b5ccacbe8abe278Tinderbox User<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews<dd><p>

fd972434c29fc1169d66594e4cc7697d33036c2bTinderbox User Sets the date on which the key is to be deleted. After that

37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User date, the key will no longer be included in the zone. (It

37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User may remain in the key repository, however.)

fd972434c29fc1169d66594e4cc7697d33036c2bTinderbox User </p></dd>

2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="term">-D sync <em class="replaceable"><code>date/offset</code></em></span></dt>

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<dd><p>

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews Sets the date on which the CDS and CDNSKEY records that match

2a31bd531072824ef252c18303859d6af7451b00Francis Dupont this key are to be deleted.

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews </p></dd>

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews</dl></div>

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews</div>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<div class="refsection">

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews<a name="id-1.14.9.10"></a><h2>FILES</h2>

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<p>

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews A keyfile can be designed by the key identification

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews <span class="refentrytitle">dnssec-keygen</span>(8).

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews </p>

78f3ed4bc2fcd3d270bfd599804f3b27a1db4d91Mark Andrews</div>

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<div class="refsection">

dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User<a name="id-1.14.9.11"></a><h2>SEE ALSO</h2>

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,

c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,

e20788e1216ed720aefa84f3295f7899d9f28c22Mark Andrews <em class="citetitle">BIND 9 Administrator Reference Manual</em>,

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews <em class="citetitle">RFC 5011</em>.

dedefc0bdbb4e6e39eeb98aa2fc6883efec2ddb0Mark Andrews </p>

01a5c5503482fb3ba52088bf0178a7213273bf96Mark Andrews</div>

dc238a06bffa79de141ee7655765e2df91498a8aTinderbox User</div>

37d8e0a4455876fe1e4cca511076cc2c5ab9eedeTinderbox User<div class="navfooter">

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<hr>

cdfc81e048bd34c1d628380247bda6b80a89e20eAutomatic Updater<table width="100%" summary="Navigation footer">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<tr>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<td width="40%" align="left">

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>

fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User</td>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</tr>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<tr>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews<td width="40%" align="left" valign="top">

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<span class="application">dnssec-dsfromkey</span>�</td>

fa0326cc2cf428f67575b6ba3b97b528a31b0010Tinderbox User<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User<td width="40%" align="right" valign="top">�<span class="application">dnssec-keyfromlabel</span>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</td>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User</tr>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</table>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User</div>

fe80a4909bf62b602feaf246866e9d29f7654194Automatic Updater<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0b3</p>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User</body>

0eb371ca0dab50ae3462e98794a6126198c52f4bMark Andrews</html>

9ecb5d33470ebfb3719a1b8d56bcefdf4b27f7b2Tinderbox User