man.dnssec-revoke.html revision 14a656f94b1fd0ababd84a772228dfa52276ba15
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen - Copyright (C) 2000-2003 Internet Software Consortium.
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen - Permission to use, copy, modify, and/or distribute this software for any
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen - purpose with or without fee is hereby granted, provided that the above
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen - copyright notice and this permission notice appear in all copies.
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
bdd36cfdba3ff66d25570a9ff568d69e1eb543cfTimo Sirainen - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
7a60e1dc9e93ef3f7c7fe1af6385a0bfa1e31bc3Timo Sirainen - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen - PERFORMANCE OF THIS SOFTWARE.
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
0cb5a9bfbf40b3b323956792aa13d342a459585eTimo Sirainen<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
9ddd3d7d8651985e373a6c48e0ddc76b8a4ef1c7Timo Sirainen<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<table width="100%" summary="Navigation header">
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen<th width="60%" align="center">Manual pages</th>
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
efe78d3ba24fc866af1c79b9223dc0809ba26cadStephan Bosch<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen <span class="application">dnssec-revoke</span>
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen — Set the REVOKED bit on a DNSSEC key
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>]
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<a name="id-1.14.11.7"></a><h2>DESCRIPTION</h2>
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen <p><span class="command"><strong>dnssec-revoke</strong></span>
9261dbf0675204898c6557591c7aa376e23a52b2Timo Sirainen reads a DNSSEC key file, sets the REVOKED bit on the key as defined
9261dbf0675204898c6557591c7aa376e23a52b2Timo Sirainen in RFC 5011, and creates a new pair of key files containing the
9261dbf0675204898c6557591c7aa376e23a52b2Timo Sirainen now-revoked key.
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen <div class="variablelist"><dl class="variablelist">
d1414c09cf0d58ac983054e2f4e1a1f329272dcfTimo Sirainen Emit usage message and exit.
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen Sets the directory in which the key files are to reside.
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen After writing the new keyset files remove the original keyset
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen Sets the debugging level.
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen Prints version information.
419baa2c17c63ae516b2df6cc5695f15aaccbff8Timo Sirainen<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
e2ae85924b0ef1a7c97e021a3b901b498f599c18Timo Sirainen Specifies the cryptographic hardware to use, when applicable.
73bfdbe28c2ce6d143eadf0bab8ccfbe4cab0faeTimo Sirainen When BIND is built with OpenSSL PKCS#11 support, this defaults
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen to the string "pkcs11", which identifies an OpenSSL engine
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen that can drive a cryptographic accelerator or hardware service
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen module. When BIND is built with native PKCS#11 cryptography
2a90d8a14b0e7cc1508814bc87d3dfa598ef46a8Timo Sirainen (--enable-native-pkcs11), it defaults to the path of the PKCS#11
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen provider library specified via "--with-pkcs11".
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen Force overwrite: Causes <span class="command"><strong>dnssec-revoke</strong></span> to
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen write the new key pair even if a file already exists matching
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen the algorithm and key ID of the revoked key.
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen Print the key tag of the key with the REVOKE bit set but do
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen not revoke the key.
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen <span class="refentrytitle">dnssec-keygen</span>(8)
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<table width="100%" summary="Navigation footer">
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<span class="application">dnssec-keygen</span>�</td>
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span>
9137c55411aa39d41c1e705ddc34d5bd26c65021Timo Sirainen<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0pre-alpha</p>