man.dnssec-keygen.html revision 6101b9f0d904a708e900a74abc16d1e0eda67264
<!--
 - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 - Copyright (C) 2000-2003 Internet Software Consortium.
 -
 - Permission to use, copy, modify, and distribute this software for any
 - purpose with or without fee is hereby granted, provided that the above
 - copyright notice and this permission notice appear in all copies.
 -
 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 - PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: man.dnssec-keygen.html,v 1.12 2005/12/05 02:08:05 marka Exp $ -->
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>dnssec-keygen</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.69.1">
<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
<link rel="prev" href="man.host.html" title="host">
<link rel="next" href="man.dnssec-signzone.html" title="dnssec-signzone">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
<div class="refentry" lang="en">
<a name="man.dnssec-keygen"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p><span class="application">dnssec-keygen</span> &#8212; DNSSEC key generation tool</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
</div>
<div class="refsect1" lang="en">
<a name="id2578308"></a><h2>DESCRIPTION</h2>
<p><span><strong class="command">dnssec-keygen</strong></span>
 generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
 and RFC &lt;TBA\&gt;. It can also generate keys for use with
 TSIG (Transaction Signatures), as defined in RFC 2845.
 </p>
</div>
<div class="refsect1" lang="en">
<a name="id2578322"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl>
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
<dd>
<p>
 Selects the cryptographic algorithm. The value of
 <code class="option">algorithm</code> must be one of RSAMD5 (RSA), RSASHA1,
 DSA, DH (Diffie Hellman), or HMAC-MD5. These values
 are case insensitive.
 </p>
<p>
 Note 1: for DNSSEC, RSASHA1 is a mandatory-to-implement
 algorithm, and DSA is recommended. For TSIG, HMAC-MD5 is mandatory.
 </p>
<p>
 Note 2: HMAC-MD5 and DH automatically set the -k flag.
 </p>
</dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
<dd><p>
 Specifies the number of bits in the key. The choice of key
 size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be
 between 512 and 2048 bits. Diffie Hellman keys must be between
 128 and 4096 bits. DSA keys must be between 512 and 1024
 bits and an exact multiple of 64. HMAC-MD5 keys must be
 between 1 and 512 bits.
 </p></dd>
<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
<dd><p>
 Specifies the owner type of the key. The value of
 <code class="option">nametype</code> must be either ZONE (for a DNSSEC
 zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
 a host (KEY)),
 USER (for a key associated with a user (KEY)) or OTHER (DNSKEY).
 These values are case insensitive.
 </p></dd>
<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
<dd><p>
 Indicates that the DNS record containing the key should have
 the specified class. If not specified, class IN is used.
 </p></dd>
<dt><span class="term">-e</span></dt>
<dd><p>
 If generating an RSAMD5/RSASHA1 key, use a large exponent.
 </p></dd>
<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
<dd><p>
 Set the specified flag in the flag field of the KEY/DNSKEY record.
 The only recognized flag is KSK (Key Signing Key) DNSKEY.
 </p></dd>
<dt><span class="term">-g <em class="replaceable"><code>generator</code></em></span></dt>
<dd><p>
 If generating a Diffie Hellman key, use this generator.
 Allowed values are 2 and 5. If no generator
 is specified, a known prime from RFC 2539 will be used
 if possible; otherwise the default is 2.
 </p></dd>
<dt><span class="term">-h</span></dt>
<dd><p>
 Prints a short summary of the options and arguments to
 <span><strong class="command">dnssec-keygen</strong></span>.
 </p></dd>
<dt><span class="term">-k</span></dt>
<dd><p>
 Generate KEY records rather than DNSKEY records.
 </p></dd>
<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
<dd><p>
 Sets the protocol value for the generated key. The protocol
 is a number between 0 and 255. The default is 3 (DNSSEC).
 Other possible values for this argument are listed in
 RFC 2535 and its successors.
 </p></dd>
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd><p>
 Specifies the source of randomness. If the operating
 system does not provide a <code class="filename">/dev/random</code>
 or equivalent device, the default source of randomness
 is keyboard input. <code class="filename">randomdev</code>
 specifies
 the name of a character device or file containing random
 data to be used instead of the default. The special value
 <code class="filename">keyboard</code> indicates that keyboard
 input should be used.
 </p></dd>
<dt><span class="term">-s <em class="replaceable"><code>strength</code></em></span></dt>
<dd><p>
 Specifies the strength value of the key. The strength is
 a number between 0 and 15, and currently has no defined
 purpose in DNSSEC.
 </p></dd>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd><p>
 Indicates the use of the key. <code class="option">type</code> must be
 one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default
 is AUTHCONF. AUTH refers to the ability to authenticate
 data, and CONF the ability to encrypt data.
 </p></dd>
<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
<dd><p>
 Sets the debugging level.
 </p></dd>
</dl></div>
</div>
<div class="refsect1" lang="en">
<a name="id2578733"></a><h2>GENERATED KEYS</h2>
<p>
 When <span><strong class="command">dnssec-keygen</strong></span> completes
 successfully,
 it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
 to the standard output. This is an identification string for
 the key it has generated.
 </p>
<div class="itemizedlist"><ul type="disc">
<li><p><code class="filename">nnnn</code> is the key name.
 </p></li>
<li><p><code class="filename">aaa</code> is the numeric representation
 of the algorithm.
 </p></li>
<li><p><code class="filename">iiiii</code> is the key identifier (or
 footprint).
 </p></li>
</ul></div>
<p><span><strong class="command">dnssec-keygen</strong></span>
 creates two files, with names based
 on the printed string. <code class="filename">Knnnn.+aaa+iiiii.key</code>
 contains the public key, and
 <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
 private key.
 </p>
<p>
 The <code class="filename">.key</code> file contains a DNS KEY record
 that can be inserted into a zone file (directly or with a $INCLUDE
 statement).
 </p>
<p>
 The <code class="filename">.private</code> file contains
 algorithm-specific fields. For obvious security reasons, this file
 does not have general read permission.
 </p>
<p>
 Both <code class="filename">.key</code> and <code class="filename">.private</code>
 files are generated for symmetric encryption algorithms such as
 HMAC-MD5, even though the public and private key are equivalent.
 </p>
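<p>
 Added example, not part of the original manual page or of ISC's code: a POSIX shell audit of the file pair described above. It parses the <code class="filename">Knnnn.+aaa+iiiii</code> string, confirms both files exist, and checks that secret material grants nothing to group or other; the function names, return codes and owner-only policy are this example's assumptions, as is algorithm number 157 for HMAC-MD5, which this page does not state.
 </p>

```shell
#!/bin/sh
# Added example: audit the .key/.private pair named by a dnssec-keygen
# identification string of the form Knnnn.+aaa+iiiii.

# Parse ID into KEY_NAME, KEY_ALG and KEY_TAG; return 1 if malformed.
parse_key_id() {
    case $1 in
        K*.+[0-9][0-9][0-9]+[0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    KEY_TAG=${1##*+}                      # iiiii: text after the last '+'
    KEY_ALG=${1%+*}; KEY_ALG=${KEY_ALG##*+}   # aaa: between the two '+'
    KEY_NAME=${1%.+*+*}; KEY_NAME=${KEY_NAME#K}
    [ -n "$KEY_NAME" ] || KEY_NAME=.      # empty name means the root zone
}

# True when FILE grants no permission bits to group or other.
owner_only() {
    mode=$(ls -ld -- "$1") || return 1
    mode=${mode%% *}                      # e.g. -rw-------
    case ${mode#????} in                  # drop file type and owner bits
        ------*) return 0 ;;              # trailing ACL/SELinux mark is fine
        *) return 1 ;;
    esac
}

# audit_key_pair DIR ID
# Returns 0 = ok, 1 = malformed ID, 2 = a file of the pair is missing,
# 3 = secret material is accessible to group or other.
audit_key_pair() {
    parse_key_id "$2" || return 1
    [ -f "$1/$2.key" ] && [ -f "$1/$2.private" ] || return 2
    owner_only "$1/$2.private" || return 3
    # Assumption: 157 is the algorithm number used for HMAC-MD5. For such a
    # symmetric key the .key file holds the same secret as the .private file.
    if [ "$KEY_ALG" = 157 ]; then
        owner_only "$1/$2.key" || return 3
    fi
    return 0
}

# Constructed demo: empty stand-in files in a scratch directory.
demo() {
    d=$(mktemp -d) || return 1
    id=Kexample.com.+003+26160
    : > "$d/$id.key"; : > "$d/$id.private"
    chmod 644 "$d/$id.key"; chmod 640 "$d/$id.private"
    audit_key_pair "$d" "$id" && before=0 || before=$?
    chmod 600 "$d/$id.private"
    audit_key_pair "$d" "$id" && after=0 || after=$?
    rm -rf "$d"
    echo "before=$before after=$after"
}
demo
```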
</div>
<div class="refsect1" lang="en">
<a name="id2579251"></a><h2>EXAMPLE</h2>
<p>
 To generate a 768-bit DSA key for the domain
 <strong class="userinput"><code>example.com</code></strong>, the following command would be
 issued:
 </p>
<p><strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong>
 </p>
<p>
 The command would print a string of the form:
 </p>
<p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
 </p>
<p>
 In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
 the files <code class="filename">Kexample.com.+003+26160.key</code>
 and
 <code class="filename">Kexample.com.+003+26160.private</code>.
 </p>
</div>
<div class="refsect1" lang="en">
<a name="id2579307"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
 <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
 <em class="citetitle">RFC 2535</em>,
 <em class="citetitle">RFC 2845</em>,
 <em class="citetitle">RFC 2539</em>.
 </p>
</div>
<div class="refsect1" lang="en">
<a name="id2579338"></a><h2>AUTHOR</h2>
<p><span class="corpauthor">Internet Systems Consortium</span>
 </p>
</div>
</div>
</body>
</html>