doc/arm/man.dnssec-revoke.html

	man.dnssec-revoke.html revision 1e9517ea2156b990be21f44676d3370318eacf17
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<!--
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - Copyright (C) 2000-2015 Internet Systems Consortium, Inc. ("ISC")
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin -
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - This Source Code Form is subject to the terms of the Mozilla Public
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - License, v. 2.0. If a copy of the MPL was not distributed with this
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - file, You can obtain one at http://mozilla.org/MPL/2.0/.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin-->
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<html>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<head>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<title>dnssec-revoke</title>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<link rel="home" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</head>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="navheader">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<table width="100%" summary="Navigation header">
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<tr>
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner<td width="20%" align="left">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<th width="60%" align="center">Manual pages</th>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin</td>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin</tr>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin</table>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<hr>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="refentry">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="refnamediv">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<h2>Name</h2>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<p><span class="application">dnssec-revoke</span> &#8212; set the REVOKED bit on a DNSSEC key</p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="refsynopsisdiv">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<h2>Synopsis</h2>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code>  [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="refsection">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<a name="id-1.14.12.7"></a><h2>DESCRIPTION</h2>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<p><span class="command"><strong>dnssec-revoke</strong></span>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner      in RFC 5011, and creates a new pair of key files containing the
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner      now-revoked key.
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner    </p>
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner</div>
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner<div class="refsection">
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner<a name="id-1.14.12.8"></a><h2>OPTIONS</h2>
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner<div class="variablelist"><dl class="variablelist">
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner<dt><span class="term">-h</span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dd><p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin        Emit usage message and exit.
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin      </p></dd>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dd><p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin            Sets the directory in which the key files are to reside.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin          </p></dd>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term">-r</span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dd><p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin        After writing the new keyset files remove the original keyset
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin        files.
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin      </p></dd>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dd><p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin            Sets the debugging level.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin          </p></dd>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term">-V</span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dd><p>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin        Prints version information.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin      </p></dd>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dd>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin            Specifies the cryptographic hardware to use, when applicable.
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin          </p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin            When BIND is built with OpenSSL PKCS#11 support, this defaults
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin            to the string "pkcs11", which identifies an OpenSSL engine
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin            that can drive a cryptographic accelerator or hardware service
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin            module.  When BIND is built with native PKCS#11 cryptography
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin            (--enable-native-pkcs11), it defaults to the path of the PKCS#11
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin            provider library specified via "--with-pkcs11".
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin          </p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</dd>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term">-f</span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dd><p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin            Force overwrite: Causes <span class="command"><strong>dnssec-revoke</strong></span> to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin            write the new key pair even if a file already exists matching
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin            the algorithm and key ID of the revoked key.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin          </p></dd>
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner<dt><span class="term">-R</span></dt>
3e14f97f673e8a630f076077de35afdd43dc1587Roger A. Faulkner<dd><p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin        Print the key tag of the key with the REVOKE bit set but do
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin        not revoke the key.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin          </p></dd>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</dl></div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="refsection">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<a name="id-1.14.12.9"></a><h2>SEE ALSO</h2>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin      <em class="citetitle">RFC 5011</em>.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin    </p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</div>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin</div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="navfooter">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<hr>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<table width="100%" summary="Navigation footer">
34f9b3eef6fdadbda0a846aa4d68691ac40eace5Roland Mainz<tr>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<td width="40%" align="left">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</td>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin</tr>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin<tr>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin<td width="40%" align="left" valign="top">
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin<span class="application">dnssec-keygen</span>�</td>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin</td>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</tr>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</table>
7c2fbfb345896881c631598ee3852ce9ce33fb07April Chin</div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<p xmlns:db="http://docbook.org/ns/docbook" style="text-align: center;">BIND 9.11.0b3</p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</body>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin</html>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin