doc/arm/man.dnssec-revoke.html

	man.dnssec-revoke.html revision 6f1205897504b8f50b1785975482c995888dd630
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<!--
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews -
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - Permission to use, copy, modify, and/or distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews - purpose with or without fee is hereby granted, provided that the above
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews - copyright notice and this permission notice appear in all copies.
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews -
4b6dc226f78862286daa69fba761eac9fd5da16aAutomatic Updater - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
dc5c59bd1dfb372225fb72fd83e6f3e9670be04bMark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews-->
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<!-- $Id$ -->
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<html>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<head>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<title>dnssec-revoke</title>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman</head>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<div class="navheader">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<table width="100%" summary="Navigation header">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<tr>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<td width="20%" align="left">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<th width="60%" align="center">Manual pages</th>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</td>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</tr>
e0a30050c8516a3d54a4f8dcdd88435704a8a3edMark Andrews</table>
e0a30050c8516a3d54a4f8dcdd88435704a8a3edMark Andrews<hr>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</div>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<div class="refentry" lang="en">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<div class="refnamediv">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<h2>Name</h2>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</div>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<div class="refsynopsisdiv">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<h2>Synopsis</h2>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code>  [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</div>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<div class="refsect1" lang="en">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<a name="id2621710"></a><h2>DESCRIPTION</h2>
4ba6b6a7ef064e806dd56c8a3a42f1b0f2299404Mark Andrews<p><span><strong class="command">dnssec-revoke</strong></span>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews      in RFC 5011, and creates a new pair of key files containing the
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews      now-revoked key.
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews    </p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</div>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<div class="refsect1" lang="en">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<a name="id2621724"></a><h2>OPTIONS</h2>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<div class="variablelist"><dl>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dt><span class="term">-h</span></dt>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dd><p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews        Emit usage message and exit.
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews      </p></dd>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman<dd><p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews            Sets the directory in which the key files are to reside.
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews          </p></dd>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dt><span class="term">-r</span></dt>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dd><p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews        After writing the new keyset files remove the original keyset
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews        files.
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews      </p></dd>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dd><p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews            Sets the debugging level.
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews          </p></dd>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dt><span class="term">-V</span></dt>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dd><p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews        Prints version information.
ad1317338af79edad878c9c3e4361798503310baMark Andrews      </p></dd>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dd>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews            Specifies the cryptographic hardware to use, when applicable.
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews          </p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews            When BIND is built with OpenSSL PKCS#11 support, this defaults
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews            to the string "pkcs11", which identifies an OpenSSL engine
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews            that can drive a cryptographic accelerator or hardware service
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews            module.  When BIND is built with native PKCS#11 cryptography
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman            (--enable-native-pkcs11), it defaults to the path of the PKCS#11
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews            provider library specified via "--with-pkcs11".
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews          </p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</dd>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dt><span class="term">-f</span></dt>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dd><p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews            Force overwrite: Causes <span><strong class="command">dnssec-revoke</strong></span> to
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews            write the new key pair even if a file already exists matching
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews            the algorithm and key ID of the revoked key.
4b6dc226f78862286daa69fba761eac9fd5da16aAutomatic Updater          </p></dd>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dt><span class="term">-R</span></dt>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<dd><p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews        Print the key tag of the key with the REVOKE bit set but do
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews        not revoke the key.
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews          </p></dd>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</dl></div>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</div>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<div class="refsect1" lang="en">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<a name="id2621998"></a><h2>SEE ALSO</h2>
e851ea826066ac5a5b01c2c23218faa0273a12e8Evan Hunt<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews      <em class="citetitle">RFC 5011</em>.
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews    </p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</div>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<div class="refsect1" lang="en">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<a name="id2622023"></a><h2>AUTHOR</h2>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<p><span class="corpauthor">Internet Systems Consortium</span>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews    </p>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</div>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</div>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<div class="navfooter">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<hr>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<table width="100%" summary="Navigation footer">
b0ba1a6059b6d6c4b3aa77d8bc84cc443b981e01Mukund Sivaraman<tr>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<td width="40%" align="left">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</td>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</tr>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<tr>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<td width="40%" align="left" valign="top">
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<span class="application">dnssec-keygen</span>�</td>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</td>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</tr>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</table>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</div>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</body>
ef67e6d8fa86d98a2c0defc43b624434324d9ce7Mark Andrews</html>
e851ea826066ac5a5b01c2c23218faa0273a12e8Evan Hunt