man.dnssec-keyfromlabel.html revision 5d564da348e890e42f63eebf2dced9a05b41f4fb
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith - Copyright (C) 2000-2003 Internet Software Consortium.
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith - Permission to use, copy, modify, and/or distribute this software for any
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith - purpose with or without fee is hereby granted, provided that the above
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith - copyright notice and this permission notice appear in all copies.
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith - PERFORMANCE OF THIS SOFTWARE.
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<!-- $Id$ -->
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<link rel="prev" href="man.dnssec-importkey.html" title="dnssec-importkey">
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<link rel="next" href="man.dnssec-keygen.html" title="dnssec-keygen">
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<tr><th colspan="3" align="center"><span class="application">dnssec-keyfromlabel</span></th></tr>
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<a accesskey="p" href="man.dnssec-importkey.html">Prev</a>�</td>
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keygen.html">Next</a>
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<p><span class="application">dnssec-keyfromlabel</span> — DNSSEC key generation tool</p>
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-y</code>] {name}</p></div>
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith generates a key pair of files that referencing a key object stored
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith in a cryptographic hardware service module (HSM). The private key
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith file can be used for DNSSEC signing of zone data as if it were a
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith conventional signing key created by <span><strong class="command">dnssec-keygen</strong></span>,
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith but the key material is stored within the HSM, and the actual signing
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith takes place there.
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith The <code class="option">name</code> of the key is specified on the command
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith line. This must match the name of the zone for which the key is
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith being generated.
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith Selects the cryptographic algorithm. The value of
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith ECDSAP256SHA256 or ECDSAP384SHA384.
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith These values are case insensitive.
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith If no algorithm is specified, then RSASHA1 will be used by
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith default, unless the <code class="option">-3</code> option is specified,
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith in which case NSEC3RSASHA1 will be used instead. (If
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith <code class="option">-3</code> is used and an algorithm is specified,
350964af8dfc6ab5df9d3fb0f274f7d018986c5bLuke Smith that algorithm will be checked for compatibility with NSEC3.)