doc/arm/man.dnssec-revoke.html

	man.dnssec-revoke.html revision 794b79e6bbc3f5db1ea6ae154d739b9f1ef1a375
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<!--
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna - Copyright (C) 2004-2014 Internet Systems Consortium, Inc. ("ISC")
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna - Copyright (C) 2000-2003 Internet Software Consortium.
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna -
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna - Permission to use, copy, modify, and/or distribute this software for any
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna - purpose with or without fee is hereby granted, provided that the above
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna - copyright notice and this permission notice appear in all copies.
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna -
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna - PERFORMANCE OF THIS SOFTWARE.
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna-->
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<!-- $Id$ -->
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<html>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<head>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<title>dnssec-revoke</title>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</head>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<div class="navheader">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<table width="100%" summary="Navigation header">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<tr>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<td width="20%" align="left">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<th width="60%" align="center">Manual pages</th>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</td>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</tr>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</table>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<hr>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</div>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<div class="refentry" lang="en">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<div class="refnamediv">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<h2>Name</h2>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</div>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<div class="refsynopsisdiv">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<h2>Synopsis</h2>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code>  [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</div>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<div class="refsect1" lang="en">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<a name="id2622347"></a><h2>DESCRIPTION</h2>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<p><span><strong class="command">dnssec-revoke</strong></span>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna      in RFC 5011, and creates a new pair of key files containing the
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna      now-revoked key.
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna    </p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</div>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<div class="refsect1" lang="en">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<a name="id2622361"></a><h2>OPTIONS</h2>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<div class="variablelist"><dl>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dt><span class="term">-h</span></dt>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dd><p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna        Emit usage message and exit.
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna      </p></dd>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dd><p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna            Sets the directory in which the key files are to reside.
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna          </p></dd>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dt><span class="term">-r</span></dt>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dd><p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna        After writing the new keyset files remove the original keyset
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna        files.
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna      </p></dd>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dd><p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna            Sets the debugging level.
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna          </p></dd>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dd>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna            Specifies the cryptographic hardware to use, when applicable.
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna          </p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna            When BIND is built with OpenSSL PKCS#11 support, this defaults
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna            to the string "pkcs11", which identifies an OpenSSL engine
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna            that can drive a cryptographic accelerator or hardware service
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna            module.  When BIND is built with native PKCS#11 cryptography
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna            (--enable-native-pkcs11), it defaults to the path of the PKCS#11
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna            provider library specified via "--with-pkcs11".
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna          </p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</dd>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dt><span class="term">-f</span></dt>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dd><p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna            Force overwrite: Causes <span><strong class="command">dnssec-revoke</strong></span> to
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna            write the new key pair even if a file already exists matching
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna            the algorithm and key ID of the revoked key.
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna          </p></dd>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dt><span class="term">-R</span></dt>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<dd><p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna        Print the key tag of the key with the REVOKE bit set but do
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna        not revoke the key.
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna          </p></dd>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</dl></div>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</div>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<div class="refsect1" lang="en">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<a name="id2622485"></a><h2>SEE ALSO</h2>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna      <em class="citetitle">RFC 5011</em>.
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna    </p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</div>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<div class="refsect1" lang="en">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<a name="id2622509"></a><h2>AUTHOR</h2>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<p><span class="corpauthor">Internet Systems Consortium</span>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna    </p>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</div>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</div>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<div class="navfooter">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<hr>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<table width="100%" summary="Navigation footer">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<tr>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<td width="40%" align="left">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch10.html">Up</a></td>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</td>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</tr>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<tr>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<td width="40%" align="left" valign="top">
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<span class="application">dnssec-keygen</span>�</td>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</td>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</tr>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</table>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</div>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</body>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna</html>
ba5f469c0173c4d47f377c20b530f5be165d49dckrishna