doc/arm/man.dnssec-keyfromlabel.html

	man.dnssec-keyfromlabel.html revision cd0df9459e87097d01fc6c0de0a283c7e8d3c401
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<!--
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen - Copyright (C) 2000-2003 Internet Software Consortium.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen -
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen - Permission to use, copy, modify, and/or distribute this software for any
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen - purpose with or without fee is hereby granted, provided that the above
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen - copyright notice and this permission notice appear in all copies.
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen -
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen - PERFORMANCE OF THIS SOFTWARE.
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen-->
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<!-- $Id: man.dnssec-keyfromlabel.html,v 1.77 2009/11/06 01:14:50 tbox Exp $ -->
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<html>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<head>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<title>dnssec-keyfromlabel</title>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<link rel="next" href="man.dnssec-keygen.html" title="dnssec-keygen">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</head>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<div class="navheader">
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<table width="100%" summary="Navigation header">
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<tr><th colspan="3" align="center"><span class="application">dnssec-keyfromlabel</span></th></tr>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<tr>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<td width="20%" align="left">
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<th width="60%" align="center">Manual pages</th>
e06c0b65c16ccce69bbee009ead14d7d3d17a256Timo Sirainen<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keygen.html">Next</a>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen</td>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen</tr>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen</table>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<hr>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen</div>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<div class="refentry" lang="en">
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<div class="refnamediv">
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<h2>Name</h2>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<p><span class="application">dnssec-keyfromlabel</span> &#8212; DNSSEC key generation tool</p>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen</div>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<div class="refsynopsisdiv">
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<h2>Synopsis</h2>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code>  {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen</div>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<div class="refsect1" lang="en">
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<a name="id2606844"></a><h2>DESCRIPTION</h2>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen      gets keys with the given label from a crypto hardware and builds
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      key files for DNSSEC (Secure DNS), as defined in RFC 2535
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      and RFC 4034.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    </p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<p>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen      The <code class="option">name</code> of the key is specified on the command
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      line.  This must match the name of the zone for which the key is
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      being generated.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    </p>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen</div>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<div class="refsect1" lang="en">
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<a name="id2606865"></a><h2>OPTIONS</h2>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<div class="variablelist"><dl>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<dd>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<p>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen        Selects the cryptographic algorithm.  The value of
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen            <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen        DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen        These values are case insensitive.
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen      </p>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen<p>
e4b09b008ab544eb8994beecbfffefa21d855e43Timo Sirainen            If no algorithm is specified, then RSASHA1 will be used by
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen            default, unless the <code class="option">-3</code> option is specified,
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            in which case NSEC3RSASHA1 will be used instead.  (If
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            <code class="option">-3</code> is used and an algorithm is specified,
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            that algorithm will be checked for compatibility with NSEC3.)
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen          </p>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<p>
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen            algorithm, and DSA is recommended.
0add8c99ca65e56dbf613595fc37c41aafff3f7fTimo Sirainen          </p>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<p>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen            Note 2: DH automatically sets the -k flag.
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen          </p>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen</dd>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<dt><span class="term">-3</span></dt>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<dd><p>
5c1a8aee989af87bddefd71e2aa83aa2bd695155Timo Sirainen        Use an NSEC3-capable algorithm to generate a DNSSEC key.
e4b09b008ab544eb8994beecbfffefa21d855e43Timo Sirainen            If this option is used and no algorithm is explicitly
5c1a8aee989af87bddefd71e2aa83aa2bd695155Timo Sirainen            set on the command line, NSEC3RSASHA1 will be used by
5c1a8aee989af87bddefd71e2aa83aa2bd695155Timo Sirainen            default.
6a07b4f51394c9b130d7c54d6cd1ec05d5a5a4c0Timo Sirainen          </p></dd>
6a07b4f51394c9b130d7c54d6cd1ec05d5a5a4c0Timo Sirainen<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<dd><p>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen            Specifies the name of the crypto hardware (OpenSSL engine).
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen            When compiled with PKCS#11 support it defaults to "pkcs11".
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen          </p></dd>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dd><p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            Specifies the label of the key pair in the crypto hardware.
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            The label may be preceded by an optional OpenSSL engine name,
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            separated by a colon, as in "pkcs11:keylabel".
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen          </p></dd>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen<dd><p>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            Specifies the owner type of the key.  The value of
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            <code class="option">nametype</code> must either be ZONE (for a DNSSEC
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            a host (KEY)),
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            These values are case insensitive.
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen          </p></dd>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen<dt><span class="term">-C</span></dt>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen<dd><p>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen        Compatibility mode:  generates an old-style key, without
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen        any metadata.  By default, <span><strong class="command">dnssec-keyfromlabel</strong></span>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen        will include the key's creation date in the metadata stored
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen        with the private key, and other dates may be set there as well
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen        (publication date, activation date, etc).  Keys that include
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen        this data may be incompatible with older versions of BIND; the
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen        <code class="option">-C</code> option suppresses them.
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen          </p></dd>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen<dd><p>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            Indicates that the DNS record containing the key should have
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            the specified class.  If not specified, class IN is used.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen          </p></dd>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen<dd><p>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen            Set the specified flag in the flag field of the KEY/DNSKEY record.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            The only recognized flags are KSK (Key Signing Key) and REVOKE.
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen          </p></dd>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<dt><span class="term">-G</span></dt>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dd><p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            Generate a key, but do not publish it or sign with it.  This
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            option is incompatible with -P and -A.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen          </p></dd>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dt><span class="term">-h</span></dt>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dd><p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            Prints a short summary of the options and arguments to
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            <span><strong class="command">dnssec-keyfromlabel</strong></span>.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen          </p></dd>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen<dd><p>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen            Sets the directory in which the key files are to be written.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen          </p></dd>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dt><span class="term">-k</span></dt>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dd><p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            Generate KEY records rather than DNSKEY records.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen          </p></dd>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dd><p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            Sets the protocol value for the key.  The protocol
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            is a number between 0 and 255.  The default is 3 (DNSSEC).
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            Other possible values for this argument are listed in
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            RFC 2535 and its successors.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen          </p></dd>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dd><p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            Indicates the use of the key.  <code class="option">type</code> must be
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            is AUTHCONF.  AUTH refers to the ability to authenticate
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            data, and CONF the ability to encrypt data.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen          </p></dd>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dd><p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            Sets the debugging level.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen          </p></dd>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</dl></div>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</div>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<div class="refsect1" lang="en">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<a name="id2609746"></a><h2>TIMING OPTIONS</h2>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      If the argument begins with a '+' or '-', it is interpreted as
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      an offset from the present time.  For convenience, if such an offset
d1727ed9c2ed8c520afa35cf0302fd94f7dfd723Timo Sirainen      is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
d1727ed9c2ed8c520afa35cf0302fd94f7dfd723Timo Sirainen      then the offset is computed in years (defined as 365 24-hour days,
d1727ed9c2ed8c520afa35cf0302fd94f7dfd723Timo Sirainen      ignoring leap years), months (defined as 30 24-hour days), weeks,
d1727ed9c2ed8c520afa35cf0302fd94f7dfd723Timo Sirainen      days, hours, or minutes, respectively.  Without a suffix, the offset
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen      is computed in seconds.
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen    </p>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<div class="variablelist"><dl>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
8e7da21696c9f8a6d5e601243fb6172ec85d47b2Timo Sirainen<dd><p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            Sets the date on which a key is to be published to the zone.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            After that date, the key will be included in the zone but will
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            not be used to sign it.  If not set, and if the -G option has
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen            not been used, the default is "now".
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen          </p></dd>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<dd><p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            Sets the date on which the key is to be activated.  After that
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen            date, the key will be included in the zone and used to sign
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen            it.  If not set, and if the -G option has not been used, the
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen            default is "now".
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen          </p></dd>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<dd><p>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen            Sets the date on which the key is to be revoked.  After that
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen            date, the key will be flagged as revoked.  It will be included
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen            in the zone and will be used to sign it.
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen          </p></dd>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<dt><span class="term">-U <em class="replaceable"><code>date/offset</code></em></span></dt>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<dd><p>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen            Sets the date on which the key is to be retired.  After that
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen            date, the key will still be included in the zone, but it
5c1a8aee989af87bddefd71e2aa83aa2bd695155Timo Sirainen            will not be used to sign it.
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen          </p></dd>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<dd><p>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen            Sets the date on which the key is to be deleted.  After that
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen            date, the key will no longer be included in the zone.  (It
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen            may remain in the key repository, however.)
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen          </p></dd>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen</dl></div>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen</div>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<div class="refsect1" lang="en">
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<a name="id2650804"></a><h2>GENERATED KEY FILES</h2>
ec1e30ecc38f0deddaf655413cf02d5972ddbc70Timo Sirainen<p>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen      When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen      successfully,
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen      it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen      to the standard output.  This is an identification string for
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen      the key files it has generated.
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen    </p>
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<div class="itemizedlist"><ul type="disc">
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen<li><p><code class="filename">nnnn</code> is the key name.
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen        </p></li>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<li><p><code class="filename">aaa</code> is the numeric representation
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen          of the algorithm.
fddec1bf093b45eaedcece13c649b811208e0547Timo Sirainen        </p></li>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<li><p><code class="filename">iiiii</code> is the key identifier (or
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen          footprint).
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen        </p></li>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen</ul></div>
d1727ed9c2ed8c520afa35cf0302fd94f7dfd723Timo Sirainen<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
5c1a8aee989af87bddefd71e2aa83aa2bd695155Timo Sirainen      creates two files, with names based
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen      on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen      contains the public key, and
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      private key.
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    </p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      The <code class="filename">.key</code> file contains a DNS KEY record
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      that
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      can be inserted into a zone file (directly or with a $INCLUDE
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      statement).
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen    </p>
d8521a231b063d62cc194b5ca40427225a069352Timo Sirainen<p>
d8521a231b063d62cc194b5ca40427225a069352Timo Sirainen      The <code class="filename">.private</code> file contains
0d5101a9e42a98724b4ca2860c16f1ada7dff17eTimo Sirainen      algorithm-specific
0d5101a9e42a98724b4ca2860c16f1ada7dff17eTimo Sirainen      fields.  For obvious security reasons, this file does not have
d8521a231b063d62cc194b5ca40427225a069352Timo Sirainen      general read permission.
d8521a231b063d62cc194b5ca40427225a069352Timo Sirainen    </p>
d8521a231b063d62cc194b5ca40427225a069352Timo Sirainen</div>
d8521a231b063d62cc194b5ca40427225a069352Timo Sirainen<div class="refsect1" lang="en">
d8521a231b063d62cc194b5ca40427225a069352Timo Sirainen<a name="id2650898"></a><h2>SEE ALSO</h2>
d8521a231b063d62cc194b5ca40427225a069352Timo Sirainen<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
d8521a231b063d62cc194b5ca40427225a069352Timo Sirainen      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
d1727ed9c2ed8c520afa35cf0302fd94f7dfd723Timo Sirainen      <em class="citetitle">RFC 4034</em>.
d1727ed9c2ed8c520afa35cf0302fd94f7dfd723Timo Sirainen    </p>
18398a5d21c88cbb34c601c6b6c1f9dea502e1caTimo Sirainen</div>
d1727ed9c2ed8c520afa35cf0302fd94f7dfd723Timo Sirainen<div class="refsect1" lang="en">
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<a name="id2650931"></a><h2>AUTHOR</h2>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<p><span class="corpauthor">Internet Systems Consortium</span>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen    </p>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</div>
a67b680211e62ae8712df502b800fb0deabd80d9Timo Sirainen</div>
c1d45cada20777e1973579d40d0ebe43f89bb053Timo Sirainen<div class="navfooter">
c1d45cada20777e1973579d40d0ebe43f89bb053Timo Sirainen<hr>
c1d45cada20777e1973579d40d0ebe43f89bb053Timo Sirainen<table width="100%" summary="Navigation footer">
c1d45cada20777e1973579d40d0ebe43f89bb053Timo Sirainen<tr>
c1d45cada20777e1973579d40d0ebe43f89bb053Timo Sirainen<td width="40%" align="left">
c1d45cada20777e1973579d40d0ebe43f89bb053Timo Sirainen<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
c1d45cada20777e1973579d40d0ebe43f89bb053Timo Sirainen<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
c1d45cada20777e1973579d40d0ebe43f89bb053Timo Sirainen<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keygen.html">Next</a>
c1d45cada20777e1973579d40d0ebe43f89bb053Timo Sirainen</td>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</tr>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<tr>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<td width="40%" align="left" valign="top">
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen<span class="application">dnssec-dsfromkey</span>�</td>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen<td width="40%" align="right" valign="top">�<span class="application">dnssec-keygen</span>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</td>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</tr>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</table>
31ddc75584c5cde53d2e78a737587f2e7fdcb0d2Timo Sirainen</div>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</body>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen</html>
0cb2e8eb55e70f8ebe1e8349bdf49e4cbe5d8834Timo Sirainen