doc/arm/man.dnssec-revoke.html

	man.dnssec-revoke.html revision 6f1205897504b8f50b1785975482c995888dd630
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<!--
7e5b2100ea65658a7ec3795919b4ecd29a6f118aMark Andrews - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
7e5b2100ea65658a7ec3795919b4ecd29a6f118aMark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
72cbea34c935116215846c88a94a3c21ec8c1827Mark Andrews -
4e3c7a22ea3219f680e09540ee12bb326fc2ccedMark Andrews - Permission to use, copy, modify, and/or distribute this software for any
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews - purpose with or without fee is hereby granted, provided that the above
46e873c835bf7d9ec3e1097e0aceb8db5b1ae93aMark Andrews - copyright notice and this permission notice appear in all copies.
a3b428812703d22a605a9f882e71ed65f0ffdc65Mark Andrews -
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
01bf5871f8861eb805dd8ca79bdb9b0b9e4e6a5eMark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
c718d15a9a95054ee3c71540c02335426071fc6dMark Andrews - PERFORMANCE OF THIS SOFTWARE.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews-->
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<!-- $Id$ -->
c718d15a9a95054ee3c71540c02335426071fc6dMark Andrews<html>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<head>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<title>dnssec-revoke</title>
c718d15a9a95054ee3c71540c02335426071fc6dMark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
c718d15a9a95054ee3c71540c02335426071fc6dMark Andrews<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews</head>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<div class="navheader">
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<table width="100%" summary="Navigation header">
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>
a3b428812703d22a605a9f882e71ed65f0ffdc65Mark Andrews<tr>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<td width="20%" align="left">
c718d15a9a95054ee3c71540c02335426071fc6dMark Andrews<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
c6d4f781529d2f28693546b25b2967d44ec89e60Mark Andrews<th width="60%" align="center">Manual pages</th>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
c718d15a9a95054ee3c71540c02335426071fc6dMark Andrews</td>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews</tr>
4038ab55037184d76153afd3c469aa8c85adf85dMark Andrews</table>
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews<hr>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews</div>
605bd686e437162b5ab65ac4e7c1be0bba1886ddMark Andrews<div class="refentry" lang="en">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
ede29aeb412c5448ab9a2028763ae08e7887ca74Mark Andrews<div class="refnamediv">
1eb1e1e838d2ea00b166c918bf50764a95826be8Mark Andrews<h2>Name</h2>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews</div>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<div class="refsynopsisdiv">
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<h2>Synopsis</h2>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code>  [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson</div>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<div class="refsect1" lang="en">
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<a name="id2621710"></a><h2>DESCRIPTION</h2>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<p><span><strong class="command">dnssec-revoke</strong></span>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington      in RFC 5011, and creates a new pair of key files containing the
26a77b80bb7ee886c6fa704348d5e80a011d8811Mark Andrews      now-revoked key.
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews    </p>
7e5b2100ea65658a7ec3795919b4ecd29a6f118aMark Andrews</div>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<div class="refsect1" lang="en">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<a name="id2621724"></a><h2>OPTIONS</h2>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<div class="variablelist"><dl>
62ee2c9f460d2e2e45dcf1abc8b4b4a4a43f5618Mark Andrews<dt><span class="term">-h</span></dt>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<dd><p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews        Emit usage message and exit.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      </p></dd>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<dd><p>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson            Sets the directory in which the key files are to reside.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews          </p></dd>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews<dt><span class="term">-r</span></dt>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson<dd><p>
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews        After writing the new keyset files remove the original keyset
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson        files.
821d2613356f81e5bb5c107288d6d5cf35c2a1e8Mark Andrews      </p></dd>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
c25080dc50542213058c240226c9f342186e6285Mark Andrews<dd><p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews            Sets the debugging level.
46e873c835bf7d9ec3e1097e0aceb8db5b1ae93aMark Andrews          </p></dd>
46e873c835bf7d9ec3e1097e0aceb8db5b1ae93aMark Andrews<dt><span class="term">-V</span></dt>
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews<dd><p>
605bd686e437162b5ab65ac4e7c1be0bba1886ddMark Andrews        Prints version information.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      </p></dd>
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
605bd686e437162b5ab65ac4e7c1be0bba1886ddMark Andrews<dd>
c25080dc50542213058c240226c9f342186e6285Mark Andrews<p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews            Specifies the cryptographic hardware to use, when applicable.
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews          </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews            When BIND is built with OpenSSL PKCS#11 support, this defaults
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews            to the string "pkcs11", which identifies an OpenSSL engine
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews            that can drive a cryptographic accelerator or hardware service
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews            module.  When BIND is built with native PKCS#11 cryptography
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews            (--enable-native-pkcs11), it defaults to the path of the PKCS#11
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews            provider library specified via "--with-pkcs11".
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews          </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews</dd>
642e0716c8b4ab82ebc8e60f94c9e897ee89f19aMark Andrews<dt><span class="term">-f</span></dt>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<dd><p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews            Force overwrite: Causes <span><strong class="command">dnssec-revoke</strong></span> to
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews            write the new key pair even if a file already exists matching
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews            the algorithm and key ID of the revoked key.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews          </p></dd>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<dt><span class="term">-R</span></dt>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<dd><p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews        Print the key tag of the key with the REVOKE bit set but do
c25080dc50542213058c240226c9f342186e6285Mark Andrews        not revoke the key.
413988c8166976498250c0ebb2e3a645d0366bd3Mark Andrews          </p></dd>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews</dl></div>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews</div>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<div class="refsect1" lang="en">
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<a name="id2621998"></a><h2>SEE ALSO</h2>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews      <em class="citetitle">RFC 5011</em>.
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews    </p>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews</div>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<div class="refsect1" lang="en">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<a name="id2622023"></a><h2>AUTHOR</h2>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<p><span class="corpauthor">Internet Systems Consortium</span>
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews    </p>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews</div>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews</div>
46e873c835bf7d9ec3e1097e0aceb8db5b1ae93aMark Andrews<div class="navfooter">
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<hr>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<table width="100%" summary="Navigation footer">
46e873c835bf7d9ec3e1097e0aceb8db5b1ae93aMark Andrews<tr>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<td width="40%" align="left">
ed178efa9ab8f813538fce4ff603b81ded9f1799Mark Andrews<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
c651f15b30f1dae5cc2f00878fb5da5b3a35a468Mark Andrews<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
46e873c835bf7d9ec3e1097e0aceb8db5b1ae93aMark Andrews</td>
46e873c835bf7d9ec3e1097e0aceb8db5b1ae93aMark Andrews</tr>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<tr>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews<td width="40%" align="left" valign="top">
605bd686e437162b5ab65ac4e7c1be0bba1886ddMark Andrews<span class="application">dnssec-keygen</span>�</td>
9e3a7b0faf417a10f5f689edf288807b2d5eedc5Brian Wellington<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span>
a9789e288ee11ae4315e27235c33bae5405bd7c4Mark Andrews</td>
62ee2c9f460d2e2e45dcf1abc8b4b4a4a43f5618Mark Andrews</tr>
1eb1e1e838d2ea00b166c918bf50764a95826be8Mark Andrews</table>
068a66979695c77359e7a9181bb3f831c965b21cMark Andrews</div>
75216e007570b8ea36b3ac9cca096bf70c0ca6f6Mark Andrews</body>
ea206aebcafe1ed5d470dd99daab9a1cedc81c7cMark Andrews</html>
91216cff91b34c9ff6e846dc23f248219cafe660Andreas Gustafsson