man.dnssec-importkey.html revision f6e04b59238a309b1be2d5415c195325edec8aa6
 - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
<!-- $Id$ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
<link rel="next" href="man.dnssec-keyfromlabel.html" title="dnssec-keyfromlabel">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<tr><th colspan="3" align="center"><span class="application">dnssec-importkey</span></th></tr>
<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>&#160;</td>
<td width="20%" align="right">&#160;<a accesskey="n" href="man.dnssec-keyfromlabel.html">Next</a>
<a name="man.dnssec-importkey"></a><div class="titlepage"></div>
<p><span class="application">dnssec-importkey</span> — Import DNSKEY records from external systems so they can be managed.</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] {<code class="option">keyfile</code>}</p></div>
<div class="cmdsynopsis"><p><code class="command">dnssec-importkey</code> {<code class="option">-f <em class="replaceable"><code>filename</code></em></code>} [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">dnsname</code>]</p></div>
<a name="id2623182"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-importkey</strong></span>
 reads a public DNSKEY record and generates a pair of
 .key/.private files. The DNSKEY record may be read from an
 existing .key file, in which case a corresponding .private file
 will be generated, or it may be read from any other file or
 from the standard input, in which case both .key and .private
 files will be generated.
 The newly-created .private file does <span class="emphasis"><em>not</em></span>
 contain private key data, and cannot be used for signing.
 However, having a .private file makes it possible to set
 publication (<code class="option">-P</code>) and deletion
 (<code class="option">-D</code>) times for the key, which means the
 public key can be added to and removed from the DNSKEY RRset
 on schedule even if the true private key is stored offline.
<dt><span class="term">-f <em class="replaceable"><code>filename</code></em></span></dt>
 Zone file mode: instead of a public keyfile name, the argument
 is the DNS domain name of a zone master file, which can be read
 from <code class="option">file</code>. If the domain name is the same as
 <code class="option">file</code>, then it may be omitted.
 If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
 the zone data is read from the standard input.
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
 Sets the directory in which the key files are to reside.
<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
 Sets the default TTL to use for this key when it is converted
 into a DNSKEY RR. If the key is imported into a zone,
 this is the TTL that will be used for it, unless there was
 already a DNSKEY RRset in place, in which case the existing TTL
 would take precedence. Setting the default TTL to
 <code class="literal">0</code> or <code class="literal">none</code> removes it.
<dt><span class="term">-h</span></dt>
 Emit usage message and exit.
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
 Sets the debugging level.
<dt><span class="term">-V</span></dt>
 Prints version information.
 Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
 If the argument begins with a '+' or '-', it is interpreted as
 an offset from the present time. For convenience, if such an offset
 is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
 then the offset is computed in years (defined as 365 24-hour days,
 ignoring leap years), months (defined as 30 24-hour days), weeks,
 days, hours, or minutes, respectively. Without a suffix, the offset
 is computed in seconds. To explicitly prevent a date from being
 set, use 'none' or 'never'.
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
 Sets the date on which a key is to be published to the zone.
 After that date, the key will be included in the zone but will
 not be used to sign it.
<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
 Sets the date on which the key is to be deleted. After that
 date, the key will no longer be included in the zone. (It
 may remain in the key repository, however.)
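<p>The date/offset arithmetic described above, written out as an added Python example (not part of BIND or of this manual page). Treating absolute dates as UTC, the fixed <code>NOW</code> reference time, and the <code>publication_window</code> check that deletion follows publication are assumptions of this example.</p>

```python
import re
from datetime import datetime, timedelta, timezone

# Seconds per suffix, using the definitions given in the text above.
UNIT_SECONDS = {
    "y": 365 * 86400,   # 365 24-hour days, leap years ignored
    "mo": 30 * 86400,   # 30 24-hour days
    "w": 7 * 86400,
    "d": 86400,
    "h": 3600,
    "mi": 60,
    "": 1,              # no suffix: seconds
}
OFFSET_RE = re.compile(r"([+-])(\d+)([a-z]*)")
# Constructed reference time so results are reproducible (assumption).
NOW = datetime(2015, 1, 1, tzinfo=timezone.utc)


def parse_date_offset(arg, now=NOW):
    """Return an aware UTC datetime, or None when the date is left unset."""
    if arg in ("none", "never"):
        return None
    if arg.startswith(("+", "-")):
        m = OFFSET_RE.fullmatch(arg)
        if m is None or m.group(3) not in UNIT_SECONDS:
            raise ValueError(f"bad offset: {arg!r}")
        seconds = int(m.group(2)) * UNIT_SECONDS[m.group(3)]
        return now + timedelta(seconds=seconds if m.group(1) == "+" else -seconds)
    if len(arg) not in (8, 14) or not arg.isdigit():
        raise ValueError(f"bad date: {arg!r}")
    fmt = "%Y%m%d" if len(arg) == 8 else "%Y%m%d%H%M%S"
    # Assumption: absolute dates are treated as UTC.
    return datetime.strptime(arg, fmt).replace(tzinfo=timezone.utc)


def publication_window(publish, delete, now=NOW):
    """Resolve -P and -D arguments; reject deletion at or before publication."""
    p = parse_date_offset(publish, now)
    d = parse_date_offset(delete, now)
    if p is not None and d is not None and d <= p:
        raise ValueError("deletion time is not after publication time")
    return p, d


if __name__ == "__main__":
    # "+4y" is 1460 days, so it lands one day short of four calendar years.
    for arg in ("20150301", "+1mo", "+4y", "-3600", "never"):
        print(arg, "->", parse_date_offset(arg))
    print(publication_window("+1d", "+6mo"))
```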
 A keyfile can be designated by the key identification
 <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
 <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
 <span class="refentrytitle">dnssec-keygen</span>(8).
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
 <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
 <em class="citetitle">BIND 9 Administrator Reference Manual</em>,