man.dnssec-keygen.html revision 035992291cb70ec3be4046fcea921b4a6acb1c77
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<!--
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd - Copyright (C) 2000-2003 Internet Software Consortium.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd -
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd - Permission to use, copy, modify, and distribute this software for any
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd - purpose with or without fee is hereby granted, provided that the above
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd - copyright notice and this permission notice appear in all copies.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd -
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd - PERFORMANCE OF THIS SOFTWARE.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd-->
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<!-- $Id: man.dnssec-keygen.html,v 1.23 2006/03/09 05:04:38 marka Exp $ -->
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<html>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<head>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<title>dnssec-keygen</title>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<link rel="prev" href="man.host.html" title="host">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<link rel="next" href="man.dnssec-signzone.html" title="dnssec-signzone">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</head>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="navheader">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<table width="100%" summary="Navigation header">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<tr><th colspan="3" align="center"><span class="application">dnssec-keygen</span></th></tr>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<tr>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<td width="20%" align="left">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<a accesskey="p" href="man.host.html">Prev</a>&nbsp;</td>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<th width="60%" align="center">Manual pages</th>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<td width="20%" align="right">&nbsp;<a accesskey="n" href="man.dnssec-signzone.html">Next</a>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</td>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</tr>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</table>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<hr>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="refentry" lang="en">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<a name="man.dnssec-keygen"></a><div class="titlepage"></div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="refnamediv">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<h2>Name</h2>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p><span class="application">dnssec-keygen</span> &#8212; DNSSEC key generation tool</p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="refsynopsisdiv">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<h2>Synopsis</h2>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="refsect1" lang="en">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<a name="id2579348"></a><h2>DESCRIPTION</h2>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p><span><strong class="command">dnssec-keygen</strong></span>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd and RFC &lt;TBA\&gt;. It can also generate keys for use with
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd TSIG (Transaction Signatures), as defined in RFC 2845.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="refsect1" lang="en">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<a name="id2579362"></a><h2>OPTIONS</h2>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="variablelist"><dl>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Selects the cryptographic algorithm. The value of
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd <code class="option">algorithm</code> must be one of RSAMD5 (RSA) or RSASHA1,
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd DSA, DH (Diffie Hellman), or HMAC-MD5. These values
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd are case insensitive.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Note 1: for DNSSEC, RSASHA1 is a mandatory-to-implement
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd algorithm,
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd and DSA is recommended. For TSIG, HMAC-MD5 is mandatory.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Note 2: HMAC-MD5 and DH automatically set the -k flag.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Specifies the number of bits in the key. The choice of key
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd between
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd 512 and 2048 bits. Diffie Hellman keys must be between
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd 128 and 4096 bits. DSA keys must be between 512 and 1024
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd bits and an exact multiple of 64. HMAC-MD5 keys must be
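8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd between 1 and 512 bits. These are the ranges the tool accepts, not recommendations; keys near the lower bounds are too short to provide meaningful protection.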
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Specifies the owner type of the key. The value of
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd <code class="option">nametype</code> must either be ZONE (for a DNSSEC
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd a host (KEY)),
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd USER (for a key associated with a user (KEY)) or OTHER (DNSKEY).
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd These values are
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd case insensitive.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Indicates that the DNS record containing the key should have
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd the specified class. If not specified, class IN is used.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-e</span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd If generating an RSAMD5/RSASHA1 key, use a large exponent.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Set the specified flag in the flag field of the KEY/DNSKEY record.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd The only recognized flag is KSK (Key Signing Key) DNSKEY.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-g <em class="replaceable"><code>generator</code></em></span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd If generating a Diffie Hellman key, use this generator.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Allowed values are 2 and 5. If no generator
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd is specified, a known prime from RFC 2539 will be used
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd if possible; otherwise the default is 2.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-h</span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Prints a short summary of the options and arguments to
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd <span><strong class="command">dnssec-keygen</strong></span>.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-k</span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Generate KEY records rather than DNSKEY records.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Sets the protocol value for the generated key. The protocol
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd is a number between 0 and 255. The default is 3 (DNSSEC).
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Other possible values for this argument are listed in
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd RFC 2535 and its successors.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Specifies the source of randomness. If the operating
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd system does not provide a <code class="filename">/dev/random</code>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd or equivalent device, the default source of randomness
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd is keyboard input. <code class="filename">randomdev</code>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd specifies
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd the name of a character device or file containing random
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd data to be used instead of the default. The special value
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd <code class="filename">keyboard</code> indicates that keyboard
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd input should be used.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-s <em class="replaceable"><code>strength</code></em></span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Specifies the strength value of the key. The strength is
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd a number between 0 and 15, and currently has no defined
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd purpose in DNSSEC.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Indicates the use of the key. <code class="option">type</code> must be
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd is AUTHCONF. AUTH refers to the ability to authenticate
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd data, and CONF the ability to encrypt data.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<dd><p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Sets the debugging level.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></dd>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</dl></div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="refsect1" lang="en">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<a name="id2579978"></a><h2>GENERATED KEYS</h2>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd When <span><strong class="command">dnssec-keygen</strong></span> completes
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd successfully,
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd to the standard output. This is an identification string for
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd the key it has generated.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="itemizedlist"><ul type="disc">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<li><p><code class="filename">nnnn</code> is the key name.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></li>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<li><p><code class="filename">aaa</code> is the numeric representation
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd of the
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd algorithm.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></li>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<li><p><code class="filename">iiiii</code> is the key identifier (or
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd footprint).
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p></li>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</ul></div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p><span><strong class="command">dnssec-keygen</strong></span>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd creates two files, with names based
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd contains the public key, and
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd private
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd key.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd The <code class="filename">.key</code> file contains a DNS KEY record
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd that
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd can be inserted into a zone file (directly or with a $INCLUDE
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd statement).
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd The <code class="filename">.private</code> file contains
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd algorithm-specific
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd fields. Because it holds the private key, this file does not have
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd general read permission; keep it that way when the file is copied or backed up.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p>
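8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd Both <code class="filename">.key</code> and <code class="filename">.private</code>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd files are generated for symmetric algorithms such as
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd HMAC-MD5, even though the public and private key are equivalent. For such algorithms the <code class="filename">.key</code> file therefore holds the shared secret as well and should be protected like the <code class="filename">.private</code> file.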
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="refsect1" lang="en">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<a name="id2580222"></a><h2>EXAMPLE</h2>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd To generate a 768-bit DSA key for the domain
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd <strong class="userinput"><code>example.com</code></strong>, the following command would be
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd issued:
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p><strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd The command would print a string of the form:
7c999ffca3d732637f046c84f82175a91abfb02dbnicholes </p>
7c999ffca3d732637f046c84f82175a91abfb02dbnicholes<p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
7c999ffca3d732637f046c84f82175a91abfb02dbnicholes </p>
7c999ffca3d732637f046c84f82175a91abfb02dbnicholes<p>
7c999ffca3d732637f046c84f82175a91abfb02dbnicholes In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd the files <code class="filename">Kexample.com.+003+26160.key</code>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd and
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd <code class="filename">Kexample.com.+003+26160.private</code>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="refsect1" lang="en">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<a name="id2580279"></a><h2>SEE ALSO</h2>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd <em class="citetitle">RFC 2535</em>,
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd <em class="citetitle">RFC 2845</em>,
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd <em class="citetitle">RFC 2539</em>.
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="refsect1" lang="en">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<a name="id2580310"></a><h2>AUTHOR</h2>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<p><span class="corpauthor">Internet Systems Consortium</span>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd </p>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</div>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<div class="navfooter">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<hr>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<table width="100%" summary="Navigation footer">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<tr>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<td width="40%" align="left">
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<a accesskey="p" href="man.host.html">Prev</a>&nbsp;</td>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<td width="40%" align="right">&nbsp;<a accesskey="n" href="man.dnssec-signzone.html">Next</a>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</td>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</tr>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<tr>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<td width="40%" align="left" valign="top">host&nbsp;</td>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd<td width="40%" align="right" valign="top">&nbsp;<span class="application">dnssec-signzone</span></td>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</tr>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</table>
8a449c6f0d15aeb07df69b8a680960ad7f9a345cnd</div>
</body>
</html>