man.dnssec-importkey.html revision bd9a66d553962387bf36ada994e3658fa16f5639
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
71cef386fae61275b03e203825680b39fedaa8c6Tinderbox User - Copyright (C) 2000-2003 Internet Software Consortium.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Permission to use, copy, modify, and/or distribute this software for any
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - purpose with or without fee is hereby granted, provided that the above
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - copyright notice and this permission notice appear in all copies.
d6fa26d0adaec6c910115be34fe7a5a5f402c14fMark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User - PERFORMANCE OF THIS SOFTWARE.
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<table width="100%" summary="Navigation header">
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<tr><th colspan="3" align="center"><span class="application">dnssec-importkey</span></th></tr>
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<th width="60%" align="center">Manual pages</th>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a name="man.dnssec-importkey"></a><div class="titlepage"></div>
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<p><span class="application">dnssec-importkey</span> — Import DNSKEY records from external systems so they can be managed.</p>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p><span><strong class="command">dnssec-importkey</strong></span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User reads a public DNSKEY record and generates a pair of
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User .key/.private files. The DNSKEY record may be read from an
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User existing .key file, in which case a corresponding .private file
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User will be generated, or it may be read from any other file or
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User from the standard input, in which case both .key and .private
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User files will be generated.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User The newly-created .private file does <span class="emphasis"><em>not</em></span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User contain private key data, and cannot be used for signing.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User However, having a .private file makes it possible to set
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User publication (<code class="option">-P</code>) and deletion
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User (<code class="option">-D</code>) times for the key, which means the
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User public key can be added to and removed from the DNSKEY RRset
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User on schedule even if the true private key is stored offline.
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User Zone file mode: instead of a public keyfile name, the argument
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User is the DNS domain name of a zone master file, which can be read
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User from <code class="option">file</code>. If the domain name is the same as
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User <code class="option">file</code>, then it may be omitted.
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User the zone data is read from the standard input.
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User Sets the directory in which the key files are to reside.
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Sets the default TTL to use for this key when it is converted
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User into a DNSKEY RR. If the key is imported into a zone,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User this is the TTL that will be used for it, unless there was
7e71f05d8643aca84914437c900cb716444507e4Tinderbox User already a DNSKEY RRset in place, in which case the existing TTL
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User would take precedence. Setting the default TTL to
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="literal">0</code> or <code class="literal">none</code> removes it.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Emit usage message and exit.
9c8c1a04853db32f2578a269cab9239c4f4c8b9bTinderbox User<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Sets the debugging level.
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User Prints version information.
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a name="id2622680"></a><h2>TIMING OPTIONS</h2>
9c8c1a04853db32f2578a269cab9239c4f4c8b9bTinderbox User Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
9c8c1a04853db32f2578a269cab9239c4f4c8b9bTinderbox User If the argument begins with a '+' or '-', it is interpreted as
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User an offset from the present time. For convenience, if such an offset
9c8c1a04853db32f2578a269cab9239c4f4c8b9bTinderbox User is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
9c8c1a04853db32f2578a269cab9239c4f4c8b9bTinderbox User then the offset is computed in years (defined as 365 24-hour days,
9d557856c2a19ec95ee73245f60a92f8675cf5baTinderbox User ignoring leap years), months (defined as 30 24-hour days), weeks,
9c8c1a04853db32f2578a269cab9239c4f4c8b9bTinderbox User days, hours, or minutes, respectively. Without a suffix, the offset
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User is computed in seconds. To explicitly prevent a date from being
9c8c1a04853db32f2578a269cab9239c4f4c8b9bTinderbox User set, use 'none' or 'never'.
9c8c1a04853db32f2578a269cab9239c4f4c8b9bTinderbox User<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User Sets the date on which a key is to be published to the zone.
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User After that date, the key will be included in the zone but will
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User not be used to sign it.
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User Sets the date on which the key is to be deleted. After that
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User date, the key will no longer be included in the zone. (It
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User may remain in the key repository, however.)
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User A keyfile can be designed by the key identification
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User <span class="refentrytitle">dnssec-keygen</span>(8).
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p><span class="corpauthor">Internet Systems Consortium</span>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<table width="100%" summary="Navigation footer">
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
1ebb25608fa10737ea27abd4e0481707ccd45581Tinderbox User<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<span class="application">dnssec-dsfromkey</span>�</td>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
3241ddcf9354c5ab50f4df5a656e72a5c68e172bTinderbox User<td width="40%" align="right" valign="top">�<span class="application">dnssec-keyfromlabel</span>
7911e6f9de303bca5a3d8b34f4330c8f7cecffaeTinderbox User<p style="text-align: center;">BIND 9.11.0pre-alpha</p>