doc/arm/man.dnssec-revoke.html

2353N/A<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
2353N/A<!--
2353N/A - Copyright (C) 2000-2018 Internet Systems Consortium, Inc. ("ISC")
2353N/A -
2353N/A - This Source Code Form is subject to the terms of the Mozilla Public
2353N/A - License, v. 2.0. If a copy of the MPL was not distributed with this
2353N/A - file, You can obtain one at http://mozilla.org/MPL/2.0/.
2353N/A-->
2353N/A<html lang="en">
2353N/A<head>
2353N/A<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
2353N/A<title>dnssec-revoke</title>
2353N/A<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
2353N/A<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
2353N/A<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
2353N/A<link rel="prev" href="man.dnssec-keymgr.html" title="dnssec-keymgr">
2353N/A<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
2353N/A</head>
2353N/A<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
2353N/A<div class="navheader">
2353N/A<table width="100%" summary="Navigation header">
2353N/A<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>
2353N/A<tr>
2353N/A<td width="20%" align="left">
5170N/A<a accesskey="p" href="man.dnssec-keymgr.html">Prev</a>�</td>
5656N/A<th width="60%" align="center">Manual pages</th>
2353N/A<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
2353N/A</td>
2353N/A</tr>
2353N/A</table>
2353N/A<hr>
2353N/A</div>
2353N/A<div class="refentry">
5170N/A<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
2353N/A
2353N/A
2353N/A
2353N/A
2353N/A
2353N/A  <div class="refnamediv">
2353N/A<h2>Name</h2>
2353N/A<p>
2353N/A    <span class="application">dnssec-revoke</span>
2353N/A     &#8212; set the REVOKED bit on a DNSSEC key
2353N/A  </p>
5170N/A</div>
2353N/A
2353N/A
2353N/A
2353N/A  <div class="refsynopsisdiv">
2353N/A<h2>Synopsis</h2>
2353N/A    <div class="cmdsynopsis"><p>
2353N/A      <code class="command">dnssec-revoke</code>
2353N/A       [<code class="option">-hr</code>]
2353N/A       [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
2353N/A       [<code class="option">-V</code>]
2353N/A       [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
2353N/A       [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>]
2624N/A       [<code class="option">-f</code>]
2624N/A       [<code class="option">-R</code>]
2353N/A       {keyfile}
2624N/A    </p></div>
5656N/A  </div>
5656N/A
5656N/A  <div class="refsection">
5656N/A<a name="id-1.14.14.7"></a><h2>DESCRIPTION</h2>
2353N/A
2353N/A    <p><span class="command"><strong>dnssec-revoke</strong></span>
2353N/A      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
2353N/A      in RFC 5011, and creates a new pair of key files containing the
2353N/A      now-revoked key.
2353N/A    </p>
2353N/A  </div>
2353N/A
2353N/A  <div class="refsection">
2353N/A<a name="id-1.14.14.8"></a><h2>OPTIONS</h2>
2353N/A
2353N/A
2353N/A    <div class="variablelist"><dl class="variablelist">
2353N/A<dt><span class="term">-h</span></dt>
2353N/A<dd>
2353N/A      <p>
2353N/A        Emit usage message and exit.
2353N/A      </p>
2353N/A        </dd>
2353N/A<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
2353N/A<dd>
2353N/A          <p>
2353N/A            Sets the directory in which the key files are to reside.
2353N/A          </p>
2353N/A        </dd>
2353N/A<dt><span class="term">-r</span></dt>
2353N/A<dd>
2353N/A      <p>
2353N/A        After writing the new keyset files remove the original keyset
2353N/A        files.
2353N/A      </p>
2353N/A        </dd>
2353N/A<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
2353N/A<dd>
2353N/A          <p>
2353N/A            Sets the debugging level.
2353N/A          </p>
2353N/A        </dd>
2353N/A<dt><span class="term">-V</span></dt>
2353N/A<dd>
2353N/A      <p>
2353N/A        Prints version information.
2353N/A      </p>
2353N/A        </dd>
2353N/A<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
2353N/A<dd>
2353N/A          <p>
2353N/A            Specifies the cryptographic hardware to use, when applicable.
2353N/A          </p>
2353N/A          <p>
2353N/A            When BIND is built with OpenSSL PKCS#11 support, this defaults
2353N/A            to the string "pkcs11", which identifies an OpenSSL engine
2353N/A            that can drive a cryptographic accelerator or hardware service
2353N/A            module.  When BIND is built with native PKCS#11 cryptography
2353N/A            (--enable-native-pkcs11), it defaults to the path of the PKCS#11
2353N/A            provider library specified via "--with-pkcs11".
2353N/A          </p>
2353N/A        </dd>
2353N/A<dt><span class="term">-f</span></dt>
2353N/A<dd>
5170N/A          <p>
2353N/A            Force overwrite: Causes <span class="command"><strong>dnssec-revoke</strong></span> to
2353N/A            write the new key pair even if a file already exists matching
2353N/A            the algorithm and key ID of the revoked key.
2353N/A          </p>
2353N/A        </dd>
2353N/A<dt><span class="term">-R</span></dt>
2353N/A<dd>
2353N/A          <p>
2353N/A        Print the key tag of the key with the REVOKE bit set but do
2353N/A        not revoke the key.
2353N/A          </p>
2353N/A        </dd>
2353N/A</dl></div>
2353N/A  </div>
2353N/A
2353N/A  <div class="refsection">
2353N/A<a name="id-1.14.14.9"></a><h2>SEE ALSO</h2>
2353N/A
2353N/A    <p><span class="citerefentry">
2353N/A        <span class="refentrytitle">dnssec-keygen</span>(8)
2353N/A      </span>,
2353N/A      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
5170N/A      <em class="citetitle">RFC 5011</em>.
5170N/A    </p>
5175N/A  </div>
5175N/A
5170N/A</div>
5170N/A<div class="navfooter">
5170N/A<hr>
5170N/A<table width="100%" summary="Navigation footer">
5175N/A<tr>
5170N/A<td width="40%" align="left">
5170N/A<a accesskey="p" href="man.dnssec-keymgr.html">Prev</a>�</td>
5170N/A<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
5170N/A<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
5170N/A</td>
5170N/A</tr>
5170N/A<tr>
5170N/A<td width="40%" align="left" valign="top">
5170N/A<span class="application">dnssec-keymgr</span>�</td>
5170N/A<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
5170N/A<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span>
5170N/A</td>
5170N/A</tr>
5170N/A</table>
5170N/A</div>
5170N/A<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.3 (Extended Support Version)</p>
5170N/A</body>
5170N/A</html>
5170N/A