dnssec-keyfromlabel.html (193149) | dnssec-keyfromlabel.html (204619) |
---|---|
1<!-- | 1<!-- |
2 - Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC") | 2 - Copyright (C) 2008, 2010 Internet Systems Consortium, Inc. ("ISC") |
3 - | 3 - |
4 - Permission to use, copy, modify, and distribute this software for any | 4 - Permission to use, copy, modify, and/or distribute this software for any |
5 - purpose with or without fee is hereby granted, provided that the above 6 - copyright notice and this permission notice appear in all copies. 7 - 8 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 9 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 10 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 11 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 12 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 13 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 14 - PERFORMANCE OF THIS SOFTWARE. 15--> | 5 - purpose with or without fee is hereby granted, provided that the above 6 - copyright notice and this permission notice appear in all copies. 7 - 8 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 9 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 10 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 11 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 12 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 13 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 14 - PERFORMANCE OF THIS SOFTWARE. 15--> |
16<!-- $Id: dnssec-keyfromlabel.html,v 1.5 2008/10/15 01:11:35 tbox Exp $ --> | 16<!-- $Id: dnssec-keyfromlabel.html,v 1.5.44.3 2010/01/16 01:55:32 tbox Exp $ --> |
17<html> 18<head> 19<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 20<title>dnssec-keyfromlabel</title> 21<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> 22</head> 23<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> 24<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div> 25<div class="refnamediv"> 26<h2>Name</h2> 27<p><span class="application">dnssec-keyfromlabel</span> — DNSSEC key generation tool</p> 28</div> 29<div class="refsynopsisdiv"> 30<h2>Synopsis</h2> 31<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div> 32</div> 33<div class="refsect1" lang="en"> | 17<html> 18<head> 19<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"> 20<title>dnssec-keyfromlabel</title> 21<meta name="generator" content="DocBook XSL Stylesheets V1.71.1"> 22</head> 23<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en"> 24<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div> 25<div class="refnamediv"> 26<h2>Name</h2> 27<p><span class="application">dnssec-keyfromlabel</span> — DNSSEC key generation tool</p> 28</div> 29<div class="refsynopsisdiv"> 30<h2>Synopsis</h2> 31<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code> {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div> 32</div> 33<div class="refsect1" lang="en"> |
34<a name="id2543413"></a><h2>DESCRIPTION</h2> | 34<a name="id2543416"></a><h2>DESCRIPTION</h2> |
35<p><span><strong class="command">dnssec-keyfromlabel</strong></span> 36 gets keys with the given label from a crypto hardware and builds 37 key files for DNSSEC (Secure DNS), as defined in RFC 2535 38 and RFC 4034. 39 </p> 40</div> 41<div class="refsect1" lang="en"> | 35<p><span><strong class="command">dnssec-keyfromlabel</strong></span> 36 gets keys with the given label from a crypto hardware and builds 37 key files for DNSSEC (Secure DNS), as defined in RFC 2535 38 and RFC 4034. 39 </p> 40</div> 41<div class="refsect1" lang="en"> |
42<a name="id2543425"></a><h2>OPTIONS</h2> | 42<a name="id2543428"></a><h2>OPTIONS</h2> |
43<div class="variablelist"><dl> 44<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> 45<dd> 46<p> 47 Selects the cryptographic algorithm. The value of | 43<div class="variablelist"><dl> 44<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt> 45<dd> 46<p> 47 Selects the cryptographic algorithm. The value of |
48 <code class="option">algorithm</code> must be one of RSAMD5 (RSA) 49 or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA or DH (Diffie Hellman). | 48 <code class="option">algorithm</code> must be one of RSAMD5, 49 RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, 50 RSASHA512 or DH (Diffie Hellman). |
50 These values are case insensitive. 51 </p> 52<p> | 51 These values are case insensitive. 52 </p> 53<p> |
54 If no algorithm is specified, then RSASHA1 will be used by 55 default, unless the <code class="option">-3</code> option is specified, 56 in which case NSEC3RSASHA1 will be used instead. (If 57 <code class="option">-3</code> is used and an algorithm is specified, 58 that algorithm will be checked for compatibility with NSEC3.) 59 </p> 60<p> |
|
53 Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement 54 algorithm, and DSA is recommended. 55 </p> 56<p> 57 Note 2: DH automatically sets the -k flag. 58 </p> 59</dd> 60<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt> --- 46 unchanged lines hidden (view full) --- 107 </p></dd> 108<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt> 109<dd><p> 110 Sets the debugging level. 111 </p></dd> 112</dl></div> 113</div> 114<div class="refsect1" lang="en"> | 61 Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement 62 algorithm, and DSA is recommended. 63 </p> 64<p> 65 Note 2: DH automatically sets the -k flag. 66 </p> 67</dd> 68<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt> --- 46 unchanged lines hidden (view full) --- 115 </p></dd> 116<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt> 117<dd><p> 118 Sets the debugging level. 119 </p></dd> 120</dl></div> 121</div> 122<div class="refsect1" lang="en"> |
115<a name="id2543619"></a><h2>GENERATED KEY FILES</h2> | 123<a name="id2543632"></a><h2>GENERATED KEY FILES</h2> |
116<p> 117 When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes 118 successfully, 119 it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code> 120 to the standard output. This is an identification string for 121 the key files it has generated. 122 </p> 123<div class="itemizedlist"><ul type="disc"> --- 24 unchanged lines hidden (view full) --- 148<p> 149 The <code class="filename">.private</code> file contains algorithm 150 specific 151 fields. For obvious security reasons, this file does not have 152 general read permission. 153 </p> 154</div> 155<div class="refsect1" lang="en"> | 124<p> 125 When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes 126 successfully, 127 it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code> 128 to the standard output. This is an identification string for 129 the key files it has generated. 130 </p> 131<div class="itemizedlist"><ul type="disc"> --- 24 unchanged lines hidden (view full) --- 156<p> 157 The <code class="filename">.private</code> file contains algorithm 158 specific 159 fields. For obvious security reasons, this file does not have 160 general read permission. 161 </p> 162</div> 163<div class="refsect1" lang="en"> |
156<a name="id2543691"></a><h2>SEE ALSO</h2> | 164<a name="id2543704"></a><h2>SEE ALSO</h2> |
157<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, 158 <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, 159 <em class="citetitle">BIND 9 Administrator Reference Manual</em>, | 165<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>, 166 <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>, 167 <em class="citetitle">BIND 9 Administrator Reference Manual</em>, |
160 <em class="citetitle">RFC 2539</em>, 161 <em class="citetitle">RFC 2845</em>, 162 <em class="citetitle">RFC 4033</em>. | 168 <em class="citetitle">RFC 4034</em>. |
163 </p> 164</div> 165<div class="refsect1" lang="en"> | 169 </p> 170</div> 171<div class="refsect1" lang="en"> |
166<a name="id2543731"></a><h2>AUTHOR</h2> | 172<a name="id2543737"></a><h2>AUTHOR</h2> |
167<p><span class="corpauthor">Internet Systems Consortium</span> 168 </p> 169</div> 170</div></body> 171</html> | 173<p><span class="corpauthor">Internet Systems Consortium</span> 174 </p> 175</div> 176</div></body> 177</html> |