man.dnssec-revoke.html revision 14a656f94b1fd0ababd84a772228dfa52276ba15
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson - Permission to use, copy, modify, and/or distribute this software for any
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson - purpose with or without fee is hereby granted, provided that the above
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson - copyright notice and this permission notice appear in all copies.
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
8a66318e41ed14c5a88130e8c362610e8faa2121Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
75c0816e8295e180f4bc7f10db3d0d880383bc1cMark Andrews<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein — Set the REVOKED bit on a DNSSEC key
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<code class="option">-v <em class="replaceable"><code>level</code></em></code>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>]
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <p><span class="command"><strong>dnssec-revoke</strong></span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein reads a DNSSEC key file, sets the REVOKED bit on the key as defined
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein in RFC 5011, and creates a new pair of key files containing the
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein now-revoked key.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <div class="variablelist"><dl class="variablelist">
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Emit usage message and exit.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Sets the directory in which the key files are to reside.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein After writing the new keyset files remove the original keyset
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Sets the debugging level.
8eea877894ea5bcf5cdd9ca124a8601ad421d753Andreas Gustafsson Prints version information.
8eea877894ea5bcf5cdd9ca124a8601ad421d753Andreas Gustafsson<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Specifies the cryptographic hardware to use, when applicable.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein When BIND is built with OpenSSL PKCS#11 support, this defaults
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein to the string "pkcs11", which identifies an OpenSSL engine
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein that can drive a cryptographic accelerator or hardware service
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein module. When BIND is built with native PKCS#11 cryptography
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein (--enable-native-pkcs11), it defaults to the path of the PKCS#11
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein provider library specified via "--with-pkcs11".
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein Force overwrite: Causes <span class="command"><strong>dnssec-revoke</strong></span> to
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein write the new key pair even if a file already exists matching
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein the algorithm and key ID of the revoked key.
ddccd5811feff696ba460dabfb666ce61040f545Andreas Gustafsson Print the key tag of the key with the REVOKE bit set but do
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein not revoke the key.
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <span class="refentrytitle">dnssec-keygen</span>(8)
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<span class="application">dnssec-keygen</span>�</td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0pre-alpha</p>