doc/arm/man.dnssec-importkey.html

	man.dnssec-importkey.html revision 60c29cf21affb5243753e22f9ff43347013ae8eb
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<!--
ca41b452ede6feaa9d8739ec3cae19389a7b0d03Bob Halley - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - Copyright (C) 2000-2003 Internet Software Consortium.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence -
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - Permission to use, copy, modify, and/or distribute this software for any
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - purpose with or without fee is hereby granted, provided that the above
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - copyright notice and this permission notice appear in all copies.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence -
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence - PERFORMANCE OF THIS SOFTWARE.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence-->
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<!-- $Id$ -->
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<html>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<head>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<title>dnssec-importkey</title>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
899f7f9af527d3dfe8345dcc8210d7c23fc950afDavid Lawrence<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</head>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="navheader">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<table width="100%" summary="Navigation header">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<tr><th colspan="3" align="center"><span class="application">dnssec-importkey</span></th></tr>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<tr>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<td width="20%" align="left">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<th width="60%" align="center">Manual pages</th>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</td>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</tr>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</table>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<hr>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="refentry" lang="en">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="man.dnssec-importkey"></a><div class="titlepage"></div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="refnamediv">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<h2>Name</h2>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<p><span class="application">dnssec-importkey</span> &#8212; Import DNSKEY records from external systems so they can be managed.</p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="refsynopsisdiv">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<h2>Synopsis</h2>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code>  [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code>  {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="refsect1" lang="en">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="id2619091"></a><h2>DESCRIPTION</h2>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<p><span><strong class="command">dnssec-importkey</strong></span>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      reads a public DNSKEY record and generates a pair of
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      .key/.private files.  The DNSKEY record may be read from an
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      existing .key file, in which case a corresponding .private file
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      will be generated, or it may be read from any other file or
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      from the standard input, in which case both .key and .private
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      files will be generated.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence    </p>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      The newly-created .private file does <span class="emphasis"><em>not</em></span>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      contain private key data, and cannot be used for signing.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      However, having a .private file makes it possible to set
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      publication (<code class="option">-P</code>) and deletion
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      (<code class="option">-D</code>) times for the key, which means the
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      public key can be added to and removed from the DNSKEY RRset
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      on schedule even if the true private key is stored offline.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence    </p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="refsect1" lang="en">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="id2619460"></a><h2>OPTIONS</h2>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="variablelist"><dl>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dd>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<p>
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence            Zone file mode: instead of a public keyfile name, the argument
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence        is the DNS domain name of a zone master file, which can be read
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence            from <code class="option">file</code>.  If the domain name is the same as
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence            <code class="option">file</code>, then it may be omitted.
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence          </p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            the zone data is read from the standard input.
d409ceeda41a256e8114423674d844d5f5035ee8Bob Halley          </p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</dd>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dd><p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            Sets the directory in which the key files are to reside.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence          </p></dd>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dd><p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            Sets the default TTL to use for this key when it is converted
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            into a DNSKEY RR.  If the key is imported into a zone,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            this is the TTL that will be used for it, unless there was
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            already a DNSKEY RRset in place, in which case the existing TTL
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            would take precedence.  Setting the default TTL to
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            <code class="literal">0</code> or <code class="literal">none</code> removes it.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence          </p></dd>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="term">-h</span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dd><p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence        Emit usage message and exit.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      </p></dd>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dd><p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            Sets the debugging level.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence          </p></dd>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="term">-V</span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dd><p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence        Prints version information.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      </p></dd>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</dl></div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="refsect1" lang="en">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="id2619597"></a><h2>TIMING OPTIONS</h2>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      If the argument begins with a '+' or '-', it is interpreted as
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      an offset from the present time.  For convenience, if such an offset
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      then the offset is computed in years (defined as 365 24-hour days,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      ignoring leap years), months (defined as 30 24-hour days), weeks,
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      days, hours, or minutes, respectively.  Without a suffix, the offset
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      is computed in seconds.  To explicitly prevent a date from being
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      set, use 'none' or 'never'.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence    </p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="variablelist"><dl>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dd><p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            Sets the date on which a key is to be published to the zone.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            After that date, the key will be included in the zone but will
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            not be used to sign it.
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence          </p></dd>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<dd><p>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            Sets the date on which the key is to be deleted.  After that
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            date, the key will no longer be included in the zone.  (It
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence            may remain in the key repository, however.)
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence          </p></dd>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</dl></div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence</div>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<div class="refsect1" lang="en">
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<a name="id2619644"></a><h2>FILES</h2>
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence<p>
edcd1247ad7e81bb8b430e610d9718f64c70f05dDavid Lawrence      A keyfile can be designed by the key identification
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence      <span class="refentrytitle">dnssec-keygen</span>(8).
fc80027fb54b501cdd88461bf879d078259e0226David Lawrence    </p>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence</div>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<div class="refsect1" lang="en">
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<a name="id2619875"></a><h2>SEE ALSO</h2>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence      <em class="citetitle">RFC 5011</em>.
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence    </p>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence</div>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<div class="refsect1" lang="en">
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<a name="id2619908"></a><h2>AUTHOR</h2>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<p><span class="corpauthor">Internet Systems Consortium</span>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence    </p>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence</div>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence</div>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<div class="navfooter">
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<hr>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<table width="100%" summary="Navigation footer">
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<tr>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<td width="40%" align="left">
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence</td>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence</tr>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<tr>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<td width="40%" align="left" valign="top">
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<span class="application">dnssec-dsfromkey</span>�</td>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<td width="40%" align="right" valign="top">�<span class="application">dnssec-keyfromlabel</span>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence</td>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence</tr>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence</table>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence</div>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence<p style="text-align: center;">BIND Version 9.11</p>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence</body>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence</html>
863ac191b448a13ae1a3a8ee3458344e11602737David Lawrence