<!--
 - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-keyfromlabel.html,v 1.4 2008/04/03 01:10:00 tbox Exp $ -->
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
<link rel="prev" href="man.host.html" title="host">
<link rel="next" href="man.dnssec-keygen.html" title="dnssec-keygen">
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
<p><span class="application">dnssec-keyfromlabel</span> — DNSSEC key generation tool</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
 gets keys with the given label from crypto hardware and builds
 key files for DNSSEC (Secure DNS), as defined in RFC 2535
 and RFC 4034.
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 Selects the cryptographic algorithm. The value of
 <code class="option">algorithm</code> must be one of RSAMD5 (RSA),
 RSASHA1, DSA or DH (Diffie Hellman). These values
 are case insensitive.
 Note 1: for DNSSEC, RSASHA1 is a mandatory-to-implement
 algorithm, and DSA is recommended.
 Note 2: DH automatically sets the -k flag.
<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
 Specifies the label of the keys in the crypto hardware
 (PKCS#11 device).
<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
 Specifies the owner type of the key. The value of
 <code class="option">nametype</code> must be one of ZONE (for a DNSSEC
 zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
 a host (KEY)),
 USER (for a key associated with a user (KEY)) or OTHER (DNSKEY).
 These values are case insensitive.
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
 Indicates that the DNS record containing the key should have
 the specified class. If not specified, class IN is used.
<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
 Sets the specified flag in the flag field of the KEY/DNSKEY record.
 The only recognized flag is KSK (Key Signing Key) DNSKEY.
<dt><span class="term">-h</span></dt>
 Prints a short summary of the options and arguments to
 <span><strong class="command">dnssec-keygen</strong></span>.
<dt><span class="term">-k</span></dt>
 Generates KEY records rather than DNSKEY records.
<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
 Sets the protocol value for the generated key. The protocol
 is a number between 0 and 255. The default is 3 (DNSSEC).
 Other possible values for this argument are listed in
 RFC 2535 and its successors.
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
 Indicates the use of the key. <code class="option">type</code> must be
 one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
 is AUTHCONF. AUTH refers to the ability to authenticate
 data, and CONF the ability to encrypt data.
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
 Sets the debugging level.
<a name="id2598978"></a><h2>GENERATED KEY FILES</h2>
 When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
 successfully,
 it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
 to the standard output. This is an identification string for
 the key files it has generated.
<li><p><code class="filename">nnnn</code> is the key name.
<li><p><code class="filename">aaa</code> is the numeric representation
<li><p><code class="filename">iiiii</code> is the key identifier (or
<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
 creates two files, with names based
 on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
 contains the public key, and
 <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
 The <code class="filename">.key</code> file contains a DNS KEY record
 can be inserted into a zone file (directly or with a $INCLUDE
 The <code class="filename">.private</code> file contains algorithm
 fields. For obvious security reasons, this file does not have
 general read permission.
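<p>Added example, not part of BIND or of this manual page: a POSIX shell check that parses the <code class="filename">Knnnn.+aaa+iiiii</code> string, confirms both generated files exist, and fails if the <code class="filename">.private</code> file grants anything to group or other. The function names, the constructed <code>example.com</code> key id, the 0600 expectation (stricter than "no general read permission") and the algorithm numbers (taken from the IANA DNSSEC registry, not from this page) are assumptions of the example.</p>

```shell
#!/bin/sh
# Added example, not part of BIND: audits the two files named by the
# Knnnn.+aaa+iiiii string that dnssec-keyfromlabel prints.

# Print "owner-name algorithm-number key-id" for a well-formed string, else fail.
# The owner name is printed with its trailing dot (nnnn plus the ".").
parse_keyid() {
    case $1 in
        K*.+[0-9][0-9][0-9]+[0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    p_rest=${1%+*}                       # Knnnn.+aaa
    p_name=${p_rest%+*}                  # Knnnn.
    printf '%s %s %s\n' "${p_name#K}" "${p_rest##*+}" "${1##*+}"
}

# Map aaa to the -a names on this page (numbers per the IANA registry; assumption).
alg_name() {
    case $1 in
        001) echo RSAMD5 ;;
        002) echo DH ;;
        003) echo DSA ;;
        005) echo RSASHA1 ;;
        *)   echo UNKNOWN ;;
    esac
}

# Return 0 only if both files exist and .private is closed to group and other.
audit_keypair() {
    a_dir=$1 a_id=$2
    parse_keyid "$a_id" >/dev/null || { echo "malformed key id"; return 2; }
    for a_ext in key private; do
        [ -f "$a_dir/$a_id.$a_ext" ] || { echo "missing $a_id.$a_ext"; return 3; }
    done
    # Characters 5-10 of the ls mode string are the group and other bits.
    a_bits=$(ls -ld "$a_dir/$a_id.private" | cut -c5-10)
    [ "$a_bits" = "------" ] || { echo "$a_id.private open to group/other"; return 4; }
    echo ok
}

# Constructed demo: empty stand-in files, not real key material.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
demo_id='Kexample.com.+005+12345'
: > "$demo_dir/$demo_id.key"
: > "$demo_dir/$demo_id.private"
chmod 600 "$demo_dir/$demo_id.private"
audit_keypair "$demo_dir" "$demo_id"
```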
<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
 <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
 <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<p><span class="corpauthor">Internet Systems Consortium</span>