man.dnssec-keyfromlabel.html revision c6c78f699b55b3344fb6b17ddc854cbae4610468
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster - Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster - Copyright (C) 2000-2003 Internet Software Consortium.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster - Permission to use, copy, modify, and distribute this software for any
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster - purpose with or without fee is hereby granted, provided that the above
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster - copyright notice and this permission notice appear in all copies.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster - PERFORMANCE OF THIS SOFTWARE.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<!-- $Id: man.dnssec-keyfromlabel.html,v 1.23 2008/10/15 01:11:35 tbox Exp $ -->
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<link rel="prev" href="man.host.html" title="host">
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<link rel="next" href="man.dnssec-keygen.html" title="dnssec-keygen">
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<table width="100%" summary="Navigation header">
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<tr><th colspan="3" align="center"><span class="application">dnssec-keyfromlabel</span></th></tr>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<a accesskey="p" href="man.host.html">Prev</a>�</td>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<th width="60%" align="center">Manual pages</th>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keygen.html">Next</a>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<p><span class="application">dnssec-keyfromlabel</span> — DNSSEC key generation tool</p>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster gets keys with the given label from a crypto hardware and builds
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster key files for DNSSEC (Secure DNS), as defined in RFC 2535
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster and RFC 4034.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Selects the cryptographic algorithm. The value of
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster <code class="option">algorithm</code> must be one of RSAMD5 (RSA)
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman).
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster These values are case insensitive.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster algorithm, and DSA is recommended.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Note 2: DH automatically sets the -k flag.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Specifies the label of keys in the crypto hardware
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster (PKCS#11 device).
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Specifies the owner type of the key. The value of
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster <code class="option">nametype</code> must either be ZONE (for a DNSSEC
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster a host (KEY)),
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster These values are
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster case insensitive.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Indicates that the DNS record containing the key should have
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster the specified class. If not specified, class IN is used.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Set the specified flag in the flag field of the KEY/DNSKEY record.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster The only recognized flag is KSK (Key Signing Key) DNSKEY.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Prints a short summary of the options and arguments to
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster <span><strong class="command">dnssec-keygen</strong></span>.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Generate KEY records rather than DNSKEY records.
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Sets the protocol value for the generated key. The protocol
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster is a number between 0 and 255. The default is 3 (DNSSEC).
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster Other possible values for this argument are listed in
5c099afa7c9361afc2f4477fec0e3018588d7840Allan Foster RFC 2535 and its successors.
f0a2ef8d131738c34c9e72ad7182d5bb47b4ff4eDirk Hogan<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
f0a2ef8d131738c34c9e72ad7182d5bb47b4ff4eDirk Hogan Indicates the use of the key. <code class="option">type</code> must be
f0a2ef8d131738c34c9e72ad7182d5bb47b4ff4eDirk Hogan one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
f0a2ef8d131738c34c9e72ad7182d5bb47b4ff4eDirk Hogan is AUTHCONF. AUTH refers to the ability to authenticate
f0a2ef8d131738c34c9e72ad7182d5bb47b4ff4eDirk Hogan data, and CONF the ability to encrypt data.
f0a2ef8d131738c34c9e72ad7182d5bb47b4ff4eDirk Hogan<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>