man.dnssec-importkey.html revision cd32f419a8a5432fbb139f56ee73cbf68b9350cc
5cd4555ad444fd391002ae32450572054369fd42Rob Austein - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein - Copyright (C) 2000-2003 Internet Software Consortium.
c1a883f2e04d94e99c433b1f6cfd0c0338f4ed85Mark Andrews - Permission to use, copy, modify, and/or distribute this software for any
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews - purpose with or without fee is hereby granted, provided that the above
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - copyright notice and this permission notice appear in all copies.
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
d4ef65050feac78554addf6e16a06c6e2e0bd331Brian Wellington - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews<!-- $Id$ -->
f5d30e2864e048a42c4dc1134993ae7efdb5d6c3Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
b5ad6dfea4cc3e7d1d322ac99f1e5a31096837c4Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
94bd918b63001277f1b28ae4581645f8a835688fBob Halley<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
94bd918b63001277f1b28ae4581645f8a835688fBob Halley<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
94bd918b63001277f1b28ae4581645f8a835688fBob Halley<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
94bd918b63001277f1b28ae4581645f8a835688fBob Halley<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
94bd918b63001277f1b28ae4581645f8a835688fBob Halley<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
94bd918b63001277f1b28ae4581645f8a835688fBob Halley<tr><th colspan="3" align="center"><span class="application">dnssec-importkey</span></th></tr>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<a name="man.dnssec-importkey"></a><div class="titlepage"></div>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<p><span class="application">dnssec-importkey</span> — Import DNSKEY records from external systems so they can be managed.</p>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
94bd918b63001277f1b28ae4581645f8a835688fBob Halley<p><span><strong class="command">dnssec-importkey</strong></span>
94bd918b63001277f1b28ae4581645f8a835688fBob Halley reads a public DNSKEY record and generates a pair of
94bd918b63001277f1b28ae4581645f8a835688fBob Halley .key/.private files. The DNSKEY record may be read from an
94bd918b63001277f1b28ae4581645f8a835688fBob Halley existing .key file, in which case a corresponding .private file
94bd918b63001277f1b28ae4581645f8a835688fBob Halley will be generated, or it may be read from any other file or
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein from the standard input, in which case both .key and .private
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein files will be generated.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein The newly-created .private file does <span class="emphasis"><em>not</em></span>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein contain private key data, and cannot be used for signing.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein However, having a .private file makes it possible to set
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein publication (<code class="option">-P</code>) and deletion
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein (<code class="option">-D</code>) times for the key, which means the
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein public key can be added to and removed from the DNSKEY RRset
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein on schedule even if the true private key is stored offline.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Zone file mode: instead of a public keyfile name, the argument
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein is the DNS domain name of a zone master file, which can be read
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein from <code class="option">filename</code>. If the domain name is the same as
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <code class="option">filename</code>, then it may be omitted.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein If <code class="option">filename</code> is set to <code class="literal">"-"</code>, then
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein the zone data is read from the standard input.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Sets the directory in which the key files are to reside.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Sets the default TTL to use for this key when it is converted
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein into a DNSKEY RR. If the key is imported into a zone,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein this is the TTL that will be used for it, unless there was
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein already a DNSKEY RRset in place, in which case the existing TTL
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein would take precedence. Setting the default TTL to
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein <code class="literal">0</code> or <code class="literal">none</code> removes it.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-h</span></dt> Emit usage message and exit.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Sets the debugging level.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-V</span></dt> Prints version information.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein If the argument begins with a '+' or '-', it is interpreted as
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein an offset from the present time. For convenience, if such an offset
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein then the offset is computed in years (defined as 365 24-hour days,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein ignoring leap years), months (defined as 30 24-hour days), weeks,
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein days, hours, or minutes, respectively. Without a suffix, the offset
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein is computed in seconds. To explicitly prevent a date from being
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein set, use 'none' or 'never'.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Sets the date on which a key is to be published to the zone.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein After that date, the key will be included in the zone but will
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein not be used to sign it.
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein Sets the date on which the key is to be deleted. After that
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein date, the key will no longer be included in the zone. (It
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein may remain in the key repository, however.)
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein A keyfile can be designated by the key identification
7389e8330d62a059b8923fb8ca6f933caeb559d9Mark Andrews <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
94bd918b63001277f1b28ae4581645f8a835688fBob Halley <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
94bd918b63001277f1b28ae4581645f8a835688fBob Halley <span class="refentrytitle">dnssec-keygen</span>(8).
94bd918b63001277f1b28ae4581645f8a835688fBob Halley<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
94bd918b63001277f1b28ae4581645f8a835688fBob Halley <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
94bd918b63001277f1b28ae4581645f8a835688fBob Halley <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
7389e8330d62a059b8923fb8ca6f933caeb559d9Mark Andrews<p><span class="corpauthor">Internet Systems Consortium</span>
268a4475065fe6a8cd7cc707820982cf5e98f430Rob Austein<p style="text-align: center;">BIND 9.11.0pre-alpha</p>