man.dnssec-keygen.html revision fdd80e9a55c70b36a3bf3e409b86897301c44ff8
Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
Copyright (C) 2000-2003 Internet Software Consortium.
Permission to use, copy, modify, and/or distribute this software for any
purpose with or without fee is hereby granted, provided that the above
copyright notice and this permission notice appear in all copies.
THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
PERFORMANCE OF THIS SOFTWARE.
<!-- $Id: man.dnssec-keygen.html,v 1.154 2010/01/08 01:14:07 tbox Exp $ -->
<a name="man.dnssec-keygen"></a><div class="titlepage"></div>
<p><span class="application">dnssec-keygen</span> — DNSSEC key generation tool</p>
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
<p><span><strong class="command">dnssec-keygen</strong></span>
generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
and RFC 4034. It can also generate keys for use with
TSIG (Transaction Signatures) as defined in RFC 2845, or TKEY
(Transaction Key) as defined in RFC 2930.
The <code class="option">name</code> of the key is specified on the command
line. For DNSSEC keys, this must match the name of the zone for
which the key is being generated.
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512. These values are
case insensitive.
If no algorithm is specified, then RSASHA1 will be used by
default, unless the <code class="option">-3</code> option is specified,
in which case NSEC3RSASHA1 will be used instead. (If
<code class="option">-3</code> is used and an algorithm is specified,
that algorithm will be checked for compatibility with NSEC3.)
Note 1: for DNSSEC, RSASHA1 is a mandatory-to-implement
algorithm, and DSA is recommended. For TSIG, HMAC-MD5 is
Note 2: DH, HMAC-MD5, and HMAC-SHA1 through HMAC-SHA512
automatically set the -T KEY option.
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
Specifies the number of bits in the key. The choice of key
size depends on the algorithm used. RSA keys must be
between 512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC keys must be
between 1 and 512 bits.
The key size does not need to be specified if using a default
algorithm. The default key size is 1024 bits for zone signing
keys (ZSKs) and 2048 bits for key signing keys (KSKs,
generated with <code class="option">-f KSK</code>). However, if an
algorithm is explicitly specified with the <code class="option">-a</code> option,
then there is no default key size, and the <code class="option">-b</code>
option must be used.
<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
Specifies the owner type of the key. The value of
<code class="option">nametype</code> must either be ZONE (for a DNSSEC
zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
a host (KEY)),
USER (for a key associated with a user (KEY)) or OTHER (DNSKEY).
These values are case insensitive. Defaults to ZONE for DNSKEY
<dt><span class="term">-3</span></dt>
Use an NSEC3-capable algorithm to generate a DNSSEC key.
If this option is used and no algorithm is explicitly
set on the command line, NSEC3RSASHA1 will be used by
default. Note that RSASHA256 and RSASHA512 algorithms
are NSEC3-capable.
<dt><span class="term">-C</span></dt>
Compatibility mode: generates an old-style key, without
any metadata. By default, <span><strong class="command">dnssec-keygen</strong></span>
will include the key's creation date in the metadata stored
with the private key, and other dates may be set there as well
(publication date, activation date, etc). Keys that include
this data may be incompatible with older versions of BIND; the
<code class="option">-C</code> option suppresses them.
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
Indicates that the DNS record containing the key should have
the specified class. If not specified, class IN is used.
<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
Uses a crypto hardware device (OpenSSL engine) for random number
and, when supported, key generation. When compiled with PKCS#11
support it defaults to pkcs11; the empty name resets it to
<dt><span class="term">-e</span></dt>
If generating an RSAMD5/RSASHA1 key, use a large exponent.
<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
Sets the specified flag in the flag field of the KEY/DNSKEY record.
The only recognized flags are KSK (Key Signing Key) and REVOKE.
<dt><span class="term">-G</span></dt>
Generate a key, but do not publish it or sign with it. This
option is incompatible with -P and -A.
<dt><span class="term">-g <em class="replaceable"><code>generator</code></em></span></dt>
If generating a Diffie Hellman key, use this generator.
Allowed values are 2 and 5. If no generator
is specified, a known prime from RFC 2539 will be used
if possible; otherwise the default is 2.
<dt><span class="term">-h</span></dt>
Prints a short summary of the options and arguments to
<span><strong class="command">dnssec-keygen</strong></span>.
<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
Sets the directory in which the key files are to be written.
<dt><span class="term">-k</span></dt>
Deprecated in favor of -T KEY.
<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
Sets the protocol value for the generated key. The protocol
is a number between 0 and 255. The default is 3 (DNSSEC).
Other possible values for this argument are listed in
RFC 2535 and its successors.
<dt><span class="term">-q</span></dt>
Quiet mode: suppresses unnecessary output, including
progress indication. Without this option, when
<span><strong class="command">dnssec-keygen</strong></span> is run interactively
to generate an RSA or DSA key pair, it will print a string
of symbols to <code class="filename">stderr</code> indicating the
progress of the key generation. A '.' indicates that a
random number has been found which passed an initial
sieve test; '+' means a number has passed a single
round of the Miller-Rabin primality test; a space
means that the number has passed all the tests and is
a satisfactory key.
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
Specifies the source of randomness. If the operating
system does not provide a <code class="filename">/dev/random</code>
or equivalent device, the default source of randomness
is keyboard input. <code class="filename">randomdev</code> specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<code class="filename">keyboard</code> indicates that keyboard
input should be used.
<dt><span class="term">-s <em class="replaceable"><code>strength</code></em></span></dt>
Specifies the strength value of the key. The strength is
a number between 0 and 15, and currently has no defined
purpose in DNSSEC.
<dt><span class="term">-T <em class="replaceable"><code>rrtype</code></em></span></dt>
Specifies the resource record type to use for the key.
<code class="option">rrtype</code> must be either DNSKEY or KEY. The
default is DNSKEY when using a DNSSEC algorithm, but it can be
overridden to KEY for use with SIG(0).
Using any TSIG algorithm (HMAC-* or DH) forces this option
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
Indicates the use of the key. <code class="option">type</code> must be
one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
is AUTHCONF. AUTH refers to the ability to authenticate
data, and CONF the ability to encrypt data.
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
Sets the debugging level.
<a name="id2661687"></a><h2>TIMING OPTIONS</h2>
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
If the argument begins with a '+' or '-', it is interpreted as
an offset from the present time. For convenience, if such an offset
is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi',
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
is computed in seconds.
<dt><span class="term">-P <em class="replaceable"><code>date/offset</code></em></span></dt>
Sets the date on which a key is to be published to the zone.
After that date, the key will be included in the zone but will
not be used to sign it. If not set, and if the -G option has
not been used, the default is "now".
<dt><span class="term">-A <em class="replaceable"><code>date/offset</code></em></span></dt>
Sets the date on which the key is to be activated. After that
date, the key will be included in the zone and used to sign
it. If not set, and if the -G option has not been used, the
default is "now".
<dt><span class="term">-R <em class="replaceable"><code>date/offset</code></em></span></dt>
Sets the date on which the key is to be revoked. After that
date, the key will be flagged as revoked. It will be included
in the zone and will be used to sign it.
<dt><span class="term">-I <em class="replaceable"><code>date/offset</code></em></span></dt>
Sets the date on which the key is to be retired. After that
date, the key will still be included in the zone, but it
will not be used to sign it.
<dt><span class="term">-D <em class="replaceable"><code>date/offset</code></em></span></dt>
Sets the date on which the key is to be deleted. After that
date, the key will no longer be included in the zone. (It
may remain in the key repository, however.)
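As an added example (not part of the BIND manual or its code), the following Python resolves the date/offset arguments exactly as the timing section above defines them, applies the -P/-A "now" defaults and the -G restriction, and renders the result in YYYYMMDDHHMMSS form. The reference time and the chronological ordering check at the end are assumptions of this example, not behaviour the manual documents.

```python
import re
from datetime import datetime, timedelta

# Suffix lengths exactly as the manual defines them: a year is 365 24-hour
# days (leap years ignored) and a month is 30 24-hour days.
_SUFFIX_SECONDS = {
    "y": 365 * 86400,
    "mo": 30 * 86400,
    "w": 7 * 86400,
    "d": 86400,
    "h": 3600,
    "mi": 60,
}
_OFFSET_RE = re.compile(r"^([+-])(\d+)(y|mo|w|d|h|mi)?$")

# Constructed reference time standing in for the system clock.
SAMPLE_NOW = datetime(2010, 1, 8, 1, 14, 7)


def parse_timing_arg(arg, now):
    """Resolve one -P/-A/-R/-I/-D argument to an absolute time.

    Accepts YYYYMMDD, YYYYMMDDHHMMSS, or a '+'/'-' offset from `now` with an
    optional unit suffix; a bare offset counts seconds.
    """
    if re.fullmatch(r"\d{8}", arg):
        return datetime.strptime(arg, "%Y%m%d")
    if re.fullmatch(r"\d{14}", arg):
        return datetime.strptime(arg, "%Y%m%d%H%M%S")
    m = _OFFSET_RE.match(arg)
    if not m:
        raise ValueError(f"unrecognised date/offset: {arg!r}")
    sign, count, unit = m.groups()
    delta = timedelta(seconds=int(count) * _SUFFIX_SECONDS.get(unit, 1))
    return now + delta if sign == "+" else now - delta


def as_string(t):
    """Render a resolved time in the manual's YYYYMMDDHHMMSS form (None stays None)."""
    return None if t is None else t.strftime("%Y%m%d%H%M%S")


def key_timing(now, *, publish=None, activate=None, revoke=None,
               inactive=None, delete=None, generate_only=False):
    """Apply the manual's timing defaults and return the resolved timeline.

    generate_only stands for -G: the key gets no publication or activation
    date, and -G together with -P or -A is rejected.  Without -G, an unset
    -P or -A defaults to "now".  The chronological ordering check at the end
    is an assumption of this example, not something the manual documents.
    """
    if generate_only and (publish is not None or activate is not None):
        raise ValueError("-G is incompatible with -P and -A")
    args = {"publish": publish, "activate": activate, "revoke": revoke,
            "inactive": inactive, "delete": delete}
    times = {k: (None if v is None else parse_timing_arg(v, now))
             for k, v in args.items()}
    if not generate_only:
        times["publish"] = times["publish"] or now
        times["activate"] = times["activate"] or now
    previous = None
    for stage in ("publish", "activate", "inactive", "delete"):
        t = times[stage]
        if t is None:
            continue
        if previous and t < previous[1]:
            raise ValueError(f"{stage} date precedes {previous[0]} date")
        previous = (stage, t)
    return times
```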
<a name="id2661990"></a><h2>GENERATED KEYS</h2>
When <span><strong class="command">dnssec-keygen</strong></span> completes,
it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
to the standard output. This is an identification string for
the key it has generated.
<li><p><code class="filename">nnnn</code> is the key name.
<li><p><code class="filename">aaa</code> is the numeric representation
<li><p><code class="filename">iiiii</code> is the key identifier (or
<p><span><strong class="command">dnssec-keygen</strong></span>
creates two files, with names based
on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
contains the public key, and
<code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
The <code class="filename">.key</code> file contains a DNS KEY record
can be inserted into a zone file (directly or with a $INCLUDE
The <code class="filename">.private</code> file contains
algorithm-specific fields. For obvious security reasons, this file does not have
general read permission.
Both <code class="filename">.key</code> and <code class="filename">.private</code>
files are generated for symmetric encryption algorithms such as
HMAC-MD5, even though the public and private key are equivalent.
To generate a 768-bit DSA key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
<p><strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong>
The command would print a string of the form:
<p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
the files <code class="filename">Kexample.com.+003+26160.key</code> and
<code class="filename">Kexample.com.+003+26160.private</code>.
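An added example, not code from BIND: it splits the identification string into its parts, derives the two file names, and checks that a .key record really belongs to the file it sits in by recomputing the key identifier with the key tag algorithm of RFC 4034 Appendix B. The algorithm-number table (IANA registry values) and the sample record are assumptions of this example, not taken from the page.

```python
import base64
import re

# DNSSEC algorithm numbers from the IANA registry for the mnemonics this
# manual lists; the mapping is assumed here, not taken from the page.
ALGORITHM_NUMBERS = {
    "RSAMD5": 1, "DH": 2, "DSA": 3, "RSASHA1": 5, "NSEC3DSA": 6,
    "NSEC3RSASHA1": 7, "RSASHA256": 8, "RSASHA512": 10,
}
ALGORITHM_NAMES = {number: name for name, number in ALGORITHM_NUMBERS.items()}

_ID_RE = re.compile(r"^K(?P<name>.+)\+(?P<alg>\d{3})\+(?P<tag>\d{5})$")

# Constructed sample: a .key record and the identification string it belongs to.
SAMPLE_RECORD = "example.com. IN DNSKEY 256 3 5 AQIDBA=="
SAMPLE_ID = "Kexample.com.+005+02059"


def parse_key_id(ident):
    """Split 'Knnnn.+aaa+iiiii' into name, algorithm and key identifier."""
    m = _ID_RE.match(ident)
    if not m:
        raise ValueError(f"not a dnssec-keygen identification string: {ident!r}")
    algorithm = int(m.group("alg"))
    key_id = int(m.group("tag"))
    if key_id > 0xFFFF:
        raise ValueError("key identifier is a 16-bit value")
    return {
        "name": m.group("name"),
        "algorithm": algorithm,
        "algorithm_name": ALGORITHM_NAMES.get(algorithm, "unknown"),
        "key_id": key_id,
        "public_file": ident + ".key",
        "private_file": ident + ".private",
    }


def dnskey_key_tag(flags, protocol, algorithm, pubkey):
    """Key tag over the DNSKEY RDATA (RFC 4034 Appendix B).

    RSAMD5 (algorithm 1) uses a different rule in RFC 4034 B.1 and is rejected.
    """
    if algorithm == 1:
        raise NotImplementedError("RSAMD5 key tags are computed differently")
    rdata = flags.to_bytes(2, "big") + bytes([protocol, algorithm]) + pubkey
    ac = 0
    for i, b in enumerate(rdata):
        ac += (b << 8) if i % 2 == 0 else b
    ac += (ac >> 16) & 0xFFFF
    return ac & 0xFFFF


def key_file_matches(ident, key_record):
    """Check that a .key file's record agrees with the file's own name.

    Owner name and algorithm must match, and the key tag recomputed from the
    record must equal the identifier embedded in the file name.
    """
    parts = parse_key_id(ident)
    fields = key_record.split()
    # Presentation form: owner [TTL] [class] DNSKEY|KEY flags protocol algorithm base64...
    rrtype_pos = next((i for i, f in enumerate(fields) if f in ("DNSKEY", "KEY")), None)
    if rrtype_pos is None or len(fields) < rrtype_pos + 5:
        raise ValueError("not a DNSKEY/KEY record")
    flags, protocol, algorithm = (int(f) for f in fields[rrtype_pos + 1:rrtype_pos + 4])
    pubkey = base64.b64decode("".join(fields[rrtype_pos + 4:]))
    return (fields[0] == parts["name"]
            and algorithm == parts["algorithm"]
            and dnskey_key_tag(flags, protocol, algorithm, pubkey) == parts["key_id"])
```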
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
<em class="citetitle">BIND 9 Administrator Reference Manual</em>,
<p><span class="corpauthor">Internet Systems Consortium</span>