man.dnssec-keyfromlabel.html revision e4adb07cc1f8253b3c39aeeeb3ea03dc5b7011cc
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<!--
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - Copyright (C) 2000-2003 Internet Software Consortium.
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User -
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - Permission to use, copy, modify, and/or distribute this software for any
5347c0fcb04eaea19d9f39795646239f487c6207Tinderbox User - purpose with or without fee is hereby granted, provided that the above
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - copyright notice and this permission notice appear in all copies.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont -
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
cd32f419a8a5432fbb139f56ee73cbf68b9350ccTinderbox User - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
50066670817cdf9e86c832066d73715232b29680Tinderbox User - PERFORMANCE OF THIS SOFTWARE.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont-->
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<!-- $Id: man.dnssec-keyfromlabel.html,v 1.74 2009/10/27 01:14:44 tbox Exp $ -->
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<html>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<head>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<title>dnssec-keyfromlabel</title>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
50066670817cdf9e86c832066d73715232b29680Tinderbox User<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<link rel="next" href="man.dnssec-keygen.html" title="dnssec-keygen">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont</head>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refentry" lang="en">
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refnamediv">
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User<h2>Name</h2>
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User<p><span class="application">dnssec-keyfromlabel</span> &#8212; DNSSEC key generation tool</p>
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User</div>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<div class="refsynopsisdiv">
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User<h2>Synopsis</h2>
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont</div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refsect1" lang="en">
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater<a name="id2606788"></a><h2>DESCRIPTION</h2>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater gets keys with the given label from crypto hardware and builds
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater key files for DNSSEC (Secure DNS), as defined in RFC 2535
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User and RFC 4034.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User<p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User The <code class="option">name</code> of the key is specified on the command
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont line. This must match the name of the zone for which the key is
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont being generated.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater</div>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<div class="refsect1" lang="en">
cd791043c8a6edbcacc2392575a9816d19b8157cTinderbox User<a name="id2606808"></a><h2>OPTIONS</h2>
cd791043c8a6edbcacc2392575a9816d19b8157cTinderbox User<div class="variablelist"><dl>
731cc132f22dbc9e0ecd7035dce314a61076d31bAutomatic Updater<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
28b3569d6248168e6c00caab951521cc8141a49dAutomatic Updater<dd>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Selects the cryptographic algorithm. The value of
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User These values are case insensitive.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User If no algorithm is specified, then RSASHA1 will be used by
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User default, unless the <code class="option">-3</code> option is specified,
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User in which case NSEC3RSASHA1 will be used instead. (If
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User <code class="option">-3</code> is used and an algorithm is specified,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User that algorithm will be checked for compatibility with NSEC3.)
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<p>
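fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Note 1: for DNSSEC, RSASHA1 is a mandatory-to-implement
2a6d4c9948b3f4f31311bd799d114585a30419a9Automatic Updater algorithm, and DSA is recommended. This reflects the DNSSEC specifications current when this page was written (2009); later guidance (RFC 8624) no longer recommends RSAMD5, DSA or RSASHA1 for signing.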
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>
2a6d4c9948b3f4f31311bd799d114585a30419a9Automatic Updater<p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Note 2: DH automatically sets the -k flag.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User</dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-3</span></dt>
8ec3c085233cedb22b05da36e2773c8f357a7e45Automatic Updater<dd><p>
6ea2385360e9e2167e65f9286447da9eea189457Tinderbox User Use an NSEC3-capable algorithm to generate a DNSSEC key.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User If this option is used and no algorithm is explicitly
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User set on the command line, NSEC3RSASHA1 will be used by
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User default.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Specifies the name of the crypto hardware (OpenSSL engine).
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User When compiled with PKCS#11 support it defaults to "pkcs11".
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Specifies the label of the key pair in the crypto hardware.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont The label may be preceded by an optional OpenSSL engine name,
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User separated by a colon, as in "pkcs11:keylabel".
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Specifies the owner type of the key. The value of
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User <code class="option">nametype</code> must either be ZONE (for a DNSSEC
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User a host (KEY)),
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User USER (for a key associated with a user (KEY)) or OTHER (DNSKEY).
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User These values are case insensitive.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="term">-C</span></dt>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Compatibility mode: generates an old-style key, without
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User any metadata. By default, <span><strong class="command">dnssec-keyfromlabel</strong></span>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User will include the key's creation date in the metadata stored
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User with the private key, and other dates may be set there as well
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User (publication date, activation date, etc.). Keys that include
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User this data may be incompatible with older versions of BIND; the
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User <code class="option">-C</code> option suppresses them.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Indicates that the DNS record containing the key should have
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User the specified class. If not specified, class IN is used.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Set the specified flag in the flag field of the KEY/DNSKEY record.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User The only recognized flags are KSK (Key Signing Key) and REVOKE.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont </p></dd>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dt><span class="term">-G</span></dt>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Generate a key, but do not publish it or sign with it. This
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User option is incompatible with -P and -A.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-h</span></dt>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Prints a short summary of the options and arguments to
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater <span><strong class="command">dnssec-keyfromlabel</strong></span>.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></dd>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
14a656f94b1fd0ababd84a772228dfa52276ba15Evan Hunt<dd><p>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater Sets the directory in which the key files are to be written.
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater </p></dd>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater<dt><span class="term">-k</span></dt>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater<dd><p>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater Generate KEY records rather than DNSKEY records.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<dd><p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Sets the protocol value for the key. The protocol
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User is a number between 0 and 255. The default is 3 (DNSSEC).
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Other possible values for this argument are listed in
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont RFC 2535 and its successors.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Indicates the use of the key. <code class="option">type</code> must be
f8e3e03cacd16ffb923a9603fca23a9e1a1fee07Automatic Updater one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User is AUTHCONF. AUTH refers to the ability to authenticate
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User data, and CONF the ability to encrypt data.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dd><p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Sets the debugging level.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User</dl></div>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User</div>
0a7ed88633a680bb881868b75ded4d09a7bbbc50Automatic Updater<div class="refsect1" lang="en">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="id2607846"></a><h2>TIMING OPTIONS</h2>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont If the argument begins with a '+' or '-', it is interpreted as
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User an offset from the present time. For convenience, if such an offset
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User then the offset is computed in years (defined as 365 24-hour days,
a3f8c8e20780e488141d200acdfea6c5f3303513Automatic Updater ignoring leap years), months (defined as 30 24-hour days), weeks,
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User days, hours, or minutes, respectively. Without a suffix, the offset
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User is computed in seconds.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<div class="variablelist"><dl>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Sets the date on which a key is to be published to the zone.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User After that date, the key will be included in the zone but will
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont not be used to sign it. If not set, and if the -G option has
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User not been used, the default is "now".
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User Sets the date on which the key is to be activated. After that
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User date, the key will be included in the zone and used to sign
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User it. If not set, and if the -G option has not been used, the
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User default is "now".
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User<dd><p>
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User Sets the date on which the key is to be revoked. After that
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User date, the key will be flagged as revoked. It will be included
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User in the zone and will be used to sign it.
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User </p></dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-U <em class="replaceable"><code>date/offset</code></em></span></dt>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<dd><p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User Sets the date on which the key is to be retired. After that
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User date, the key will still be included in the zone, but it
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User will not be used to sign it.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<dd><p>
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont Sets the date on which the key is to be deleted. After that
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User date, the key will no longer be included in the zone. (It
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User may remain in the key repository, however.)
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p></dd>
6f1205897504b8f50b1785975482c995888dd630Tinderbox User</dl></div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>
6f1205897504b8f50b1785975482c995888dd630Tinderbox User<div class="refsect1" lang="en">
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<a name="id2609856"></a><h2>GENERATED KEY FILES</h2>
a3416b0a1b5482b6df32839445ca98c016945570Automatic Updater<p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User successfully,
a3416b0a1b5482b6df32839445ca98c016945570Automatic Updater it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
a3416b0a1b5482b6df32839445ca98c016945570Automatic Updater to the standard output. This is an identification string for
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User the key files it has generated.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<div class="itemizedlist"><ul type="disc">
2a31bd531072824ef252c18303859d6af7451b00Francis Dupont<li><p><code class="filename">nnnn</code> is the key name.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<li><p><code class="filename">aaa</code> is the numeric representation
1e9517ea2156b990be21f44676d3370318eacf17Tinderbox User of the algorithm.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p></li>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater<li><p><code class="filename">iiiii</code> is the key identifier (or
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater footprint).
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater </p></li>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater</ul></div>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater creates two files, with names based
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User contains the public key, and
bbbf2e27d3a981163dab139497d6b2dc85449db0Tinderbox User <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater private key.
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User </p>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater<p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User The <code class="filename">.key</code> file contains a DNS KEY record
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User that
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User can be inserted into a zone file (directly or with a $INCLUDE
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User statement).
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<p>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User The <code class="filename">.private</code> file contains
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User algorithm-specific
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User fields. For obvious security reasons, this file does not have
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User general read permission.
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p>
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater</div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User<div class="refsect1" lang="en">
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<a name="id2650773"></a><h2>SEE ALSO</h2>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User <em class="citetitle">RFC 4034</em>.
c7d32c0b0ff4c01f0d4479af3410d3c06044d48aAutomatic Updater </p>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<div class="refsect1" lang="en">
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<a name="id2650806"></a><h2>AUTHOR</h2>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User<p><span class="corpauthor">Internet Systems Consortium</span>
e62b9c9ce6413fb183c8116381e75dcd07ca5517Tinderbox User </p>
79cf9524b15ca65f55fd6913e6cf01b5581c588aAutomatic Updater</div>
fd2597f75693a2279fdf588bd40dfe2407c42028Tinderbox User</div>
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User</body>
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User</html>
794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375Tinderbox User