a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder<html>

a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder<head>

a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">

a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder<title>dnssec-importkey</title>

a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">

2abcdc69761b88c4db85b1cdbf55798c8128b356Christian Maeder<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">

a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">

1aa436f9cf296371958c83e8a91af0015284aa23Christian Maeder<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">

a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">

a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder</head>

a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">

a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder<div class="navheader">

2abcdc69761b88c4db85b1cdbf55798c8128b356Christian Maeder<table width="100%" summary="Navigation header">

a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder<tr><th colspan="3" align="center"><span class="application">dnssec-importkey</span></th></tr>

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder<tr>

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder<td width="20%" align="left">

2abcdc69761b88c4db85b1cdbf55798c8128b356Christian Maeder<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>

2abcdc69761b88c4db85b1cdbf55798c8128b356Christian Maeder<th width="60%" align="center">Manual pages</th>

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>

a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder</td>

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder</tr>

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder</table>

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder<hr>

a2faf9f1b935e7f28696b6c85c167233b995ea45Christian Maeder</div>

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder<div class="refentry" lang="en">

2abcdc69761b88c4db85b1cdbf55798c8128b356Christian Maeder<a name="man.dnssec-importkey"></a><div class="titlepage"></div>

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder<div class="refnamediv">

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder<h2>Name</h2>

1aa436f9cf296371958c83e8a91af0015284aa23Christian Maeder<p><span class="application">dnssec-importkey</span> &#8212; Import DNSKEY records from external systems so they can be managed.</p>

f6e8cbed94ff9101258d866d519b925dc566ec28Christian Maeder</div>

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder<div class="refsynopsisdiv">

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder<h2>Synopsis</h2>

f6e8cbed94ff9101258d866d519b925dc566ec28Christian Maeder<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>

b756995ba75c47cef7a133ec509865963fb1d798Christian Maeder</div>

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder<div class="refsect1" lang="en">

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder<a name="id2621652"></a><h2>DESCRIPTION</h2>

2abcdc69761b88c4db85b1cdbf55798c8128b356Christian Maeder<p><span><strong class="command">dnssec-importkey</strong></span>

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder reads a public DNSKEY record and generates a pair of

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder .key/.private files. The DNSKEY record may be read from an

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder existing .key file, in which case a corresponding .private file

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder will be generated, or it may be read from any other file or

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder from the standard input, in which case both .key and .private

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder files will be generated.

2abcdc69761b88c4db85b1cdbf55798c8128b356Christian Maeder </p>

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder<p>

2abcdc69761b88c4db85b1cdbf55798c8128b356Christian Maeder The newly-created .private file does <span class="emphasis"><em>not</em></span>

2abcdc69761b88c4db85b1cdbf55798c8128b356Christian Maeder contain private key data, and cannot be used for signing.

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder However, having a .private file makes it possible to set

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder publication (<code class="option">-P</code>) and deletion

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder (<code class="option">-D</code>) times for the key, which means the

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder public key can be added to and removed from the DNSKEY RRset

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder on schedule even if the true private key is stored offline.

2abcdc69761b88c4db85b1cdbf55798c8128b356Christian Maeder </p>

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder</div>

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder<div class="refsect1" lang="en">

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder<a name="id2621680"></a><h2>OPTIONS</h2>

2abcdc69761b88c4db85b1cdbf55798c8128b356Christian Maeder<div class="variablelist"><dl>

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder<dd>

2abcdc69761b88c4db85b1cdbf55798c8128b356Christian Maeder<p>

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder Zone file mode: instead of a public keyfile name, the argument

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder is the DNS domain name of a zone master file, which can be read

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder from <code class="option">file</code>. If the domain name is the same as

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder <code class="option">file</code>, then it may be omitted.

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder </p>

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder<p>

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder If <code class="option">file</code> is set to <code class="literal">"-"</code>, then

153b3f2f7cf7681972a78c189b9f4f5fa56f1f25Christian Maeder the zone data is read from the standard input.

</p>

</dd>

<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>

<dd><p>

Sets the directory in which the key files are to reside.

</p></dd>

<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>

<dd><p>

Sets the default TTL to use for this key when it is converted

into a DNSKEY RR. If the key is imported into a zone,

this is the TTL that will be used for it, unless there was

already a DNSKEY RRset in place, in which case the existing TTL

would take precedence. Setting the default TTL to

<code class="literal">0</code> or <code class="literal">none</code> removes it.

</p></dd>

<dt><span class="term">-h</span></dt>

<dd><p>

Emit usage message and exit.

</p></dd>

<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>

<dd><p>

Sets the debugging level.

</p></dd>

<dt><span class="term">-V</span></dt>

<dd><p>

Prints version information.

</p></dd>

</dl></div>

</div>

<div class="refsect1" lang="en">

<a name="id2621817"></a><h2>TIMING OPTIONS</h2>

<p>

Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.

If the argument begins with a '+' or '-', it is interpreted as

an offset from the present time. For convenience, if such an offset

is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',

then the offset is computed in years (defined as 365 24-hour days,

ignoring leap years), months (defined as 30 24-hour days), weeks,

days, hours, or minutes, respectively. Without a suffix, the offset

is computed in seconds. To explicitly prevent a date from being

set, use 'none' or 'never'.

</p>

<div class="variablelist"><dl>

<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>

<dd><p>

Sets the date on which a key is to be published to the zone.

After that date, the key will be included in the zone but will

not be used to sign it.

</p></dd>

<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>

<dd><p>

Sets the date on which the key is to be deleted. After that

date, the key will no longer be included in the zone. (It

may remain in the key repository, however.)

</p></dd>

</dl></div>

</div>

<div class="refsect1" lang="en">

<a name="id2621864"></a><h2>FILES</h2>

<p>

A keyfile can be designed by the key identification

<code class="filename">Knnnn.+aaa+iiiii</code> or the full file name

<code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by

<span class="refentrytitle">dnssec-keygen</span>(8).

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2621890"></a><h2>SEE ALSO</h2>

<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,

<span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,

<em class="citetitle">BIND 9 Administrator Reference Manual</em>,

<em class="citetitle">RFC 5011</em>.

</p>

</div>

<div class="refsect1" lang="en">

<a name="id2621923"></a><h2>AUTHOR</h2>

<p><span class="corpauthor">Internet Systems Consortium</span>

</p>

</div>

</div>

<div class="navfooter">

<hr>

<table width="100%" summary="Navigation footer">

<tr>

<td width="40%" align="left">

<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>

<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>

<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>

</td>

</tr>

<tr>

<td width="40%" align="left" valign="top">

<span class="application">dnssec-dsfromkey</span>�</td>

<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>

<td width="40%" align="right" valign="top">�<span class="application">dnssec-keyfromlabel</span>

</td>

</tr>

</table>

</div>

<p style="text-align: center;">BIND 9.11.0pre-alpha</p>

</body>

</html>