man.dnssec-keyfromlabel.html revision f470689ec45369e1a0710eed82167bbcde93f5f6
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - Copyright (C) 2000-2003 Internet Software Consortium.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - Permission to use, copy, modify, and/or distribute this software for any
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - purpose with or without fee is hereby granted, provided that the above
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - copyright notice and this permission notice appear in all copies.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw - PERFORMANCE OF THIS SOFTWARE.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<!-- $Id$ -->
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
cb174861876aea6950a7ab4ce944aff84b1914cdjoyce mcintosh<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<link rel="prev" href="man.dnssec-dsfromkey.html" title="dnssec-dsfromkey">
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<link rel="next" href="man.dnssec-keygen.html" title="dnssec-keygen">
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
b1352070d318187b41b088da3533692976f3f225Alan Wright<tr><th colspan="3" align="center"><span class="application">dnssec-keyfromlabel</span></th></tr>
b1352070d318187b41b088da3533692976f3f225Alan Wright<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
b1352070d318187b41b088da3533692976f3f225Alan Wright<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-keygen.html">Next</a>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<p><span class="application">dnssec-keyfromlabel</span> — DNSSEC key generation tool</p>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown gets keys with the given label from a crypto hardware and builds
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown key files for DNSSEC (Secure DNS), as defined in RFC 2535
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw and RFC 4034.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw The <code class="option">name</code> of the key is specified on the command
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw line. This must match the name of the zone for which the key is
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw being generated.
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw Selects the cryptographic algorithm. The value of
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
7b59d02d2a384be9a08087b14defadd214b3c1ddjb ECDSAP256SHA256 or ECDSAP384SHA384.
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb These values are case insensitive.
b89a8333f5e1f75ec0c269b22524bd2eccb972banatalie li - Sun Microsystems - Irvine United States If no algorithm is specified, then RSASHA1 will be used by
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb default, unless the <code class="option">-3</code> option is specified,
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb in which case NSEC3RSASHA1 will be used instead. (If
eb1d736b1c19f6abeee90c921a9320b67fedd016afshin salek ardakani - Sun Microsystems - Irvine United States <code class="option">-3</code> is used and an algorithm is specified,
eb1d736b1c19f6abeee90c921a9320b67fedd016afshin salek ardakani - Sun Microsystems - Irvine United States that algorithm will be checked for compatibility with NSEC3.)
eb1d736b1c19f6abeee90c921a9320b67fedd016afshin salek ardakani - Sun Microsystems - Irvine United States </p>
eb1d736b1c19f6abeee90c921a9320b67fedd016afshin salek ardakani - Sun Microsystems - Irvine United States Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb algorithm, and DSA is recommended.
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb Note 2: DH automatically sets the -k flag.
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb Use an NSEC3-capable algorithm to generate a DNSSEC key.
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb If this option is used and no algorithm is explicitly
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb set on the command line, NSEC3RSASHA1 will be used by
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb Specifies the name of the crypto hardware (OpenSSL engine).
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw When compiled with PKCS#11 support it defaults to "pkcs11".
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States </p></dd>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<dd><p>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States Specifies the label of the key pair in the crypto hardware.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States The label may be preceded by an optional OpenSSL engine name,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw separated by a colon, as in "pkcs11:keylabel".
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb Specifies the owner type of the key. The value of
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw <code class="option">nametype</code> must either be ZONE (for a DNSSEC
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States a host (KEY)),
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States These values are case insensitive.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States </p></dd>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<dt><span class="term">-C</span></dt>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<dd><p>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States Compatibility mode: generates an old-style key, without
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown any metadata. By default, <span><strong class="command">dnssec-keyfromlabel</strong></span>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw will include the key's creation date in the metadata stored
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw with the private key, and other dates may be set there as well
b1352070d318187b41b088da3533692976f3f225Alan Wright (publication date, activation date, etc). Keys that include
faa1795a28a5c712eed6d0a3f84d98c368a316c6jb this data may be incompatible with older versions of BIND; the
7b59d02d2a384be9a08087b14defadd214b3c1ddjb<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw Indicates that the DNS record containing the key should have
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw the specified class. If not specified, class IN is used.
b1352070d318187b41b088da3533692976f3f225Alan Wright<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
b1352070d318187b41b088da3533692976f3f225Alan Wright Set the specified flag in the flag field of the KEY/DNSKEY record.
b1352070d318187b41b088da3533692976f3f225Alan Wright The only recognized flags are KSK (Key Signing Key) and REVOKE.
b1352070d318187b41b088da3533692976f3f225Alan Wright Generate a key, but do not publish it or sign with it. This
b1352070d318187b41b088da3533692976f3f225Alan Wright option is incompatible with -P and -A.
b1352070d318187b41b088da3533692976f3f225Alan Wright Prints a short summary of the options and arguments to
b1352070d318187b41b088da3533692976f3f225Alan Wright <span><strong class="command">dnssec-keyfromlabel</strong></span>.
b1352070d318187b41b088da3533692976f3f225Alan Wright<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
b1352070d318187b41b088da3533692976f3f225Alan Wright Sets the directory in which the key files are to be written.
b1352070d318187b41b088da3533692976f3f225Alan Wright Generate KEY records rather than DNSKEY records.
b1352070d318187b41b088da3533692976f3f225Alan Wright<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
b1352070d318187b41b088da3533692976f3f225Alan Wright Sets the default TTL to use for this key when it is converted
b1352070d318187b41b088da3533692976f3f225Alan Wright into a DNSKEY RR. If the key is imported into a zone,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw this is the TTL that will be used for it, unless there was
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw already a DNSKEY RRset in place, in which case the existing TTL
b1352070d318187b41b088da3533692976f3f225Alan Wright would take precedence. Setting the default TTL to
b1352070d318187b41b088da3533692976f3f225Alan Wright <code class="literal">0</code> or <code class="literal">none</code> removes it.
b1352070d318187b41b088da3533692976f3f225Alan Wright<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
dc20a3024900c47dd2ee44b9707e6df38f7d62a5as Sets the protocol value for the key. The protocol
b1352070d318187b41b088da3533692976f3f225Alan Wright is a number between 0 and 255. The default is 3 (DNSSEC).
b1352070d318187b41b088da3533692976f3f225Alan Wright Other possible values for this argument are listed in
b1352070d318187b41b088da3533692976f3f225Alan Wright RFC 2535 and its successors.
b1352070d318187b41b088da3533692976f3f225Alan Wright<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
b1352070d318187b41b088da3533692976f3f225Alan Wright Indicates the use of the key. <code class="option">type</code> must be
b1352070d318187b41b088da3533692976f3f225Alan Wright one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
b1352070d318187b41b088da3533692976f3f225Alan Wright is AUTHCONF. AUTH refers to the ability to authenticate
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States data, and CONF the ability to encrypt data.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States </p></dd>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<dd><p>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States Sets the debugging level.
b1352070d318187b41b088da3533692976f3f225Alan Wright Allows DNSSEC key files to be generated even if the key ID
b1352070d318187b41b088da3533692976f3f225Alan Wright would collide with that of an existing key, in the event of
b1352070d318187b41b088da3533692976f3f225Alan Wright either key being revoked. (This is only safe to use if you
b1352070d318187b41b088da3533692976f3f225Alan Wright are sure you won't be using RFC 5011 trust anchor maintenance
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States with either of the keys involved.)
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States </p></dd>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States</dl></div>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States</div>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<div class="refsect1" lang="en">
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<a name="id2617170"></a><h2>TIMING OPTIONS</h2>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<p>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
b1352070d318187b41b088da3533692976f3f225Alan Wright If the argument begins with a '+' or '-', it is interpreted as
b1352070d318187b41b088da3533692976f3f225Alan Wright an offset from the present time. For convenience, if such an offset
b1352070d318187b41b088da3533692976f3f225Alan Wright is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
b1352070d318187b41b088da3533692976f3f225Alan Wright then the offset is computed in years (defined as 365 24-hour days,
b1352070d318187b41b088da3533692976f3f225Alan Wright ignoring leap years), months (defined as 30 24-hour days), weeks,
b1352070d318187b41b088da3533692976f3f225Alan Wright days, hours, or minutes, respectively. Without a suffix, the offset
b1352070d318187b41b088da3533692976f3f225Alan Wright is computed in seconds.
b1352070d318187b41b088da3533692976f3f225Alan Wright<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown Sets the date on which a key is to be published to the zone.
b1352070d318187b41b088da3533692976f3f225Alan Wright After that date, the key will be included in the zone but will
b1352070d318187b41b088da3533692976f3f225Alan Wright not be used to sign it. If not set, and if the -G option has
b1352070d318187b41b088da3533692976f3f225Alan Wright not been used, the default is "now".
b1352070d318187b41b088da3533692976f3f225Alan Wright<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
b1352070d318187b41b088da3533692976f3f225Alan Wright Sets the date on which the key is to be activated. After that
b1352070d318187b41b088da3533692976f3f225Alan Wright date, the key will be included in the zone and used to sign
b1352070d318187b41b088da3533692976f3f225Alan Wright it. If not set, and if the -G option has not been used, the
b1352070d318187b41b088da3533692976f3f225Alan Wright default is "now".
b1352070d318187b41b088da3533692976f3f225Alan Wright<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
b1352070d318187b41b088da3533692976f3f225Alan Wright Sets the date on which the key is to be revoked. After that
b1352070d318187b41b088da3533692976f3f225Alan Wright date, the key will be flagged as revoked. It will be included
b1352070d318187b41b088da3533692976f3f225Alan Wright in the zone and will be used to sign it.
b1352070d318187b41b088da3533692976f3f225Alan Wright<dt><span class="term">-I <em class="replaceable"><code>date/offset</code></em></span></dt>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown Sets the date on which the key is to be retired. After that
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown date, the key will still be included in the zone, but it
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown will not be used to sign it.
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown Sets the date on which the key is to be deleted. After that
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown date, the key will no longer be included in the zone. (It
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown may remain in the key repository, however.)
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<a name="id2617268"></a><h2>GENERATED KEY FILES</h2>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown successfully,
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown to the standard output. This is an identification string for
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown the key files it has generated.
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<li><p><code class="filename">nnnn</code> is the key name.
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<li><p><code class="filename">aaa</code> is the numeric representation
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown of the algorithm.
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<li><p><code class="filename">iiiii</code> is the key identifier (or
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States creates two files, with names based
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States contains the public key, and
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States private key.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States </p>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown The <code class="filename">.key</code> file contains a DNS KEY record
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown can be inserted into a zone file (directly or with a $INCLUDE
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown The <code class="filename">.private</code> file contains
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States algorithm-specific
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States fields. For obvious security reasons, this file does not have
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States general read permission.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States </p>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States</div>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<div class="refsect1" lang="en">
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<a name="id2617362"></a><h2>SEE ALSO</h2>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States <em class="citetitle">RFC 4034</em>.
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States </p>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States</div>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<div class="refsect1" lang="en">
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<a name="id2617395"></a><h2>AUTHOR</h2>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<p><span class="corpauthor">Internet Systems Consortium</span>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States </p>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States</div>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States</div>
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<div class="navfooter">
9fb67ea305c66b6a297583b9b0db6796b0dfe497afshin salek ardakani - Sun Microsystems - Irvine United States<table width="100%" summary="Navigation footer">
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<a accesskey="p" href="man.dnssec-dsfromkey.html">Prev</a>�</td>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-keygen.html">Next</a>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<span class="application">dnssec-dsfromkey</span>�</td>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
bbf6f00c25b6a2bed23c35eac6d62998ecdb338cJordan Brown<td width="40%" align="right" valign="top">�<span class="application">dnssec-keygen</span>