doc/arm/man.dnssec-revoke.html

	man.dnssec-revoke.html revision dc9edc13327189fe890ed3565b4e7a9bd6776402
ca41b452ede6feaa9d8739ec3cae19389a7b0d03Bob Halley<!--
70e5a7403f0e0a3bd292b8287c5fed5772c15270Automatic Updater - Copyright (C) 2004-2015 Internet Systems Consortium, Inc. ("ISC")
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - Copyright (C) 2000-2003 Internet Software Consortium.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence -
ec5347e2c775f027573ce5648b910361aa926c01Automatic Updater - Permission to use, copy, modify, and/or distribute this software for any
ca41b452ede6feaa9d8739ec3cae19389a7b0d03Bob Halley - purpose with or without fee is hereby granted, provided that the above
ca41b452ede6feaa9d8739ec3cae19389a7b0d03Bob Halley - copyright notice and this permission notice appear in all copies.
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence -
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
dafcb997e390efa4423883dafd100c975c4095d6Mark Andrews - PERFORMANCE OF THIS SOFTWARE.
ca41b452ede6feaa9d8739ec3cae19389a7b0d03Bob Halley-->
ca41b452ede6feaa9d8739ec3cae19389a7b0d03Bob Halley<!-- $Id$ -->
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<html>
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence<head>
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence<title>dnssec-revoke</title>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<link rel="start" href="Bv9ARM.html" title="BIND 9 Administrator Reference Manual">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<link rel="up" href="Bv9ARM.ch13.html" title="Manual pages">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<link rel="prev" href="man.dnssec-keygen.html" title="dnssec-keygen">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<link rel="next" href="man.dnssec-settime.html" title="dnssec-settime">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews</head>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<div class="navheader">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<table width="100%" summary="Navigation header">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<tr><th colspan="3" align="center"><span class="application">dnssec-revoke</span></th></tr>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<tr>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<td width="20%" align="left">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<th width="60%" align="center">Manual pages</th>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<td width="20%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews</td>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews</tr>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews</table>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<hr>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews</div>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<div class="refentry" lang="en">
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<a name="man.dnssec-revoke"></a><div class="titlepage"></div>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<div class="refnamediv">
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<h2>Name</h2>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<p><span class="application">dnssec-revoke</span> &#8212; Set the REVOKED bit on a DNSSEC key</p>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews</div>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<div class="refsynopsisdiv">
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<h2>Synopsis</h2>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code>  [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-V</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews</div>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<div class="refsect1" lang="en">
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<a name="id2626172"></a><h2>DESCRIPTION</h2>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<p><span><strong class="command">dnssec-revoke</strong></span>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews      in RFC 5011, and creates a new pair of key files containing the
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews      now-revoked key.
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews    </p>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews</div>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<div class="refsect1" lang="en">
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<a name="id2626186"></a><h2>OPTIONS</h2>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<div class="variablelist"><dl>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<dt><span class="term">-h</span></dt>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<dd><p>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews        Emit usage message and exit.
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews      </p></dd>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<dd><p>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews            Sets the directory in which the key files are to reside.
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews          </p></dd>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<dt><span class="term">-r</span></dt>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<dd><p>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews        After writing the new keyset files remove the original keyset
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews        files.
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews      </p></dd>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<dd><p>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews            Sets the debugging level.
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews          </p></dd>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<dt><span class="term">-V</span></dt>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<dd><p>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews        Prints version information.
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews      </p></dd>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<dd>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews<p>
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews            Specifies the cryptographic hardware to use, when applicable.
ea8564f68adbacd904e55e47668fe1bbf65ddd1dMark Andrews          </p>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<p>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews            When BIND is built with OpenSSL PKCS#11 support, this defaults
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews            to the string "pkcs11", which identifies an OpenSSL engine
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews            that can drive a cryptographic accelerator or hardware service
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews            module.  When BIND is built with native PKCS#11 cryptography
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews            (--enable-native-pkcs11), it defaults to the path of the PKCS#11
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews            provider library specified via "--with-pkcs11".
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews          </p>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews</dd>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<dt><span class="term">-f</span></dt>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<dd><p>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews            Force overwrite: Causes <span><strong class="command">dnssec-revoke</strong></span> to
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews            write the new key pair even if a file already exists matching
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews            the algorithm and key ID of the revoked key.
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence          </p></dd>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence<dt><span class="term">-R</span></dt>
ea72ae09ffb66ae5ed152c909a371b8a789b52c8Mark Andrews<dd><p>
ea72ae09ffb66ae5ed152c909a371b8a789b52c8Mark Andrews        Print the key tag of the key with the REVOKE bit set but do
ea72ae09ffb66ae5ed152c909a371b8a789b52c8Mark Andrews        not revoke the key.
ea72ae09ffb66ae5ed152c909a371b8a789b52c8Mark Andrews          </p></dd>
ea72ae09ffb66ae5ed152c909a371b8a789b52c8Mark Andrews</dl></div>
ea72ae09ffb66ae5ed152c909a371b8a789b52c8Mark Andrews</div>
ea72ae09ffb66ae5ed152c909a371b8a789b52c8Mark Andrews<div class="refsect1" lang="en">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<a name="id2626324"></a><h2>SEE ALSO</h2>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews      <em class="citetitle">RFC 5011</em>.
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews    </p>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews</div>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<div class="refsect1" lang="en">
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence<a name="id2626348"></a><h2>AUTHOR</h2>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence<p><span class="corpauthor">Internet Systems Consortium</span>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence    </p>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews</div>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews</div>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<div class="navfooter">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<hr>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<table width="100%" summary="Navigation footer">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<tr>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<td width="40%" align="left">
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<a accesskey="p" href="man.dnssec-keygen.html">Prev</a>�</td>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<td width="20%" align="center"><a accesskey="u" href="Bv9ARM.ch13.html">Up</a></td>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<td width="40%" align="right">�<a accesskey="n" href="man.dnssec-settime.html">Next</a>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews</td>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews</tr>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<tr>
f6754349781d86adcd749e6ef90bb4074f18ba65David Lawrence<td width="40%" align="left" valign="top">
f6754349781d86adcd749e6ef90bb4074f18ba65David Lawrence<span class="application">dnssec-keygen</span>�</td>
0857dced07ca40107d7f2b5931db48a6e2a1d0c9Mark Andrews<td width="20%" align="center"><a accesskey="h" href="Bv9ARM.html">Home</a></td>
<td width="40%" align="right" valign="top">�<span class="application">dnssec-settime</span>
</td>
</tr>
</table>
</div>
<p style="text-align: center;">BIND 9.11.0pre-alpha</p>
</body>
</html>