man.dnssec-keyfromlabel.html revision 0a7ed88633a680bb881868b75ded4d09a7bbbc50
<!--
 - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and/or distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-keyfromlabel.html,v 1.57 2009/07/19 04:27:55 tbox Exp $ -->
<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
<p><span class="application">dnssec-keyfromlabel</span> — DNSSEC key generation tool</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
<a name="id2605851"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
 retrieves keys with the given label from a crypto hardware device and builds
 key files for DNSSEC (Secure DNS), as defined in RFC 2535</p>
<a name="id2605865"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
 Selects the cryptographic algorithm. The value of
 <code class="option">algorithm</code> must be one of RSAMD5 (RSA),
 RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman).
 These values are case insensitive.
</p>
<p>
 Note 1: for DNSSEC, RSASHA1 is a mandatory-to-implement
 algorithm, and DSA is recommended.
</p>
<p>
 Note 2: DH automatically sets the -k flag.
</p>
</dd>
<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
<dd><p>
 Specifies the label of keys in the crypto hardware
 (PKCS#11 device).
</p></dd>
<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
<dd><p>
 Specifies the owner type of the key. The value of
 <code class="option">nametype</code> must either be ZONE (for a DNSSEC
 zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
 a host (KEY)),
 USER (for a key associated with a user (KEY)) or OTHER (DNSKEY).
 These values are case insensitive.
</p></dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
 Indicates that the DNS record containing the key should have
 the specified class. If not specified, class IN is used.
</p></dd>
<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
<dd><p>
 Sets the specified flag in the flag field of the KEY/DNSKEY record.
 The only recognized flag is KSK (Key Signing Key) DNSKEY.
</p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
 Prints a short summary of the options and arguments to
 <span><strong class="command">dnssec-keygen</strong></span>.
</p></dd>
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
<dd><p>
 Sets the directory in which the key files are to be written.
</p></dd>
<dt><span class="term">-k</span></dt>
<dd><p>
 Generates KEY records rather than DNSKEY records.
</p></dd>
<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
<dd><p>
 Sets the protocol value for the generated key. The protocol
 is a number between 0 and 255. The default is 3 (DNSSEC).
 Other possible values for this argument are listed in
 RFC 2535 and its successors.
</p></dd>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd><p>
 Indicates the use of the key. <code class="option">type</code> must be
 one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
 is AUTHCONF. AUTH refers to the ability to authenticate
 data, and CONF the ability to encrypt data.
</p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
 Sets the debugging level.
</p></dd>
</dl></div>
<a name="id2606215"></a><h2>GENERATED KEY FILES</h2>
<p>
 When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
 successfully,
 it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
 to the standard output. This is an identification string for
 the key files it has generated.
</p>
<div class="itemizedlist"><ul type="disc">
<li><p><code class="filename">nnnn</code> is the key name.</p></li>
<li><p><code class="filename">aaa</code> is the numeric representation</p></li>
<li><p><code class="filename">iiiii</code> is the key identifier (or</p></li>
</ul></div>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
 creates two files, with names based
 on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
 contains the public key, and
 <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
</p>
<p>
 The <code class="filename">.key</code> file contains a DNS KEY record that
 can be inserted into a zone file (directly or with a $INCLUDE
</p>
<p>
 The <code class="filename">.private</code> file contains algorithm
 fields. For obvious security reasons, this file does not have
 general read permission.
</p>
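<p>The following Python sketch is an added example, not code from BIND or from this manual page: it parses the identification string described above and checks that the <code class="filename">.private</code> file of the pair is not accessible to group or others. The algorithm numbers are the IANA DNSSEC values for the <code class="option">-a</code> mnemonics listed under OPTIONS; the key name <code>example.com</code>, the key identifier <code>12345</code> and the empty files are constructed, and the "no group or other access" policy is this example's assumption.</p>

```python
import os
import re
import stat
import tempfile

# IANA DNSSEC algorithm numbers for the -a mnemonics listed under OPTIONS.
ALGORITHMS = {1: "RSAMD5", 2: "DH", 3: "DSA", 5: "RSASHA1",
              6: "NSEC3DSA", 7: "NSEC3RSASHA1"}
# Knnnn.+aaa+iiiii: key name, 3-digit algorithm number, 5-digit key identifier.
KEY_ID_RE = re.compile(r"^K(?P<name>.*)\.\+(?P<alg>\d{3})\+(?P<keyid>\d{5})$")


def parse_key_id(ident):
    """Split 'Knnnn.+aaa+iiiii' into (name, algorithm number, key id)."""
    m = KEY_ID_RE.match(ident.strip())
    if m is None:
        raise ValueError(f"not a key identification string: {ident!r}")
    return m.group("name"), int(m.group("alg")), int(m.group("keyid"))


def audit_key_files(directory, ident):
    """Return a list of findings for the .key/.private pair named by ident."""
    _, alg, _ = parse_key_id(ident)
    findings = []
    if alg not in ALGORITHMS:
        findings.append(f"algorithm {alg} is not one this page lists for -a")
    for suffix in (".key", ".private"):
        path = os.path.join(directory, ident.strip() + suffix)
        if not os.path.isfile(path):
            findings.append(f"{suffix} file is missing")
        elif suffix == ".private":
            mode = stat.S_IMODE(os.stat(path).st_mode)
            # Assumed policy: no group/other bits at all on the private half.
            if mode & (stat.S_IRWXG | stat.S_IRWXO):
                findings.append(f".private mode {mode:04o} allows group/other access")
    return findings


def demo():
    """Constructed sample: an empty file pair, audited before and after chmod 0600."""
    ident = "Kexample.com.+005+12345"  # constructed identification string
    with tempfile.TemporaryDirectory() as d:
        for suffix in (".key", ".private"):
            path = os.path.join(d, ident + suffix)
            open(path, "w").close()
            os.chmod(path, 0o644)  # deliberately too permissive for .private
        before = audit_key_files(d, ident)
        os.chmod(os.path.join(d, ident + ".private"), 0o600)
        return before, audit_key_files(d, ident)
```

<p>Calling <code>demo()</code> returns the findings before and after the private file is restricted to mode 0600; in practice <code>audit_key_files</code> would be pointed at the <code class="option">-K</code> directory with the string the tool printed.</p>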
<a name="id2606445"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
 <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
 <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
</p>
<a name="id2606485"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
</p>