man.dnssec-revoke.html revision b397f922936e9f73aa8c3ea40be3ad74285dacaa
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - Copyright (C) 2000-2003 Internet Software Consortium.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - Permission to use, copy, modify, and/or distribute this software for any
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - purpose with or without fee is hereby granted, provided that the above
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - copyright notice and this permission notice appear in all copies.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin - PERFORMANCE OF THIS SOFTWARE.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<!-- $Id$ -->
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<link rel="up" href="Bv9ARM.ch10.html" title="Manual pages">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<p><span class="application">dnssec-revoke</span> — Set the REVOKED bit on a DNSSEC key</p>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code> [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<p><span><strong class="command">dnssec-revoke</strong></span>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin reads a DNSSEC key file, sets the REVOKED bit on the key as defined
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin in RFC 5011, and creates a new pair of key files containing the
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin now-revoked key.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Emit usage message and exit.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Sets the directory in which the key files are to reside.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin After writing the new keyset files remove the original keyset
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Sets the debugging level.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Use the given OpenSSL engine. When compiled with PKCS#11 support
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin it defaults to pkcs11; the empty name resets it to no engine.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Force overwrite: Causes <span><strong class="command">dnssec-revoke</strong></span> to
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin write the new key pair even if a file already exists matching
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin the algorithm and key ID of the revoked key.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin Print the key tag of the key with the REVOKE bit set but do
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin not revoke the key.
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
da2e3ebdc1edfbc5028edf1354e7dd2fa69a7968chin<p><span class="corpauthor">Internet Systems Consortium</span>