| dnssec-keygen.8 (193149) | dnssec-keygen.8 (204619) |
|---|---|
| 1.\" Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") | 1.\" Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC") |
| 2.\" Copyright (C) 2000-2003 Internet Software Consortium. 3.\" | 2.\" Copyright (C) 2000-2003 Internet Software Consortium. 3.\" |
| 4.\" Permission to use, copy, modify, and distribute this software for any | 4.\" Permission to use, copy, modify, and/or distribute this software for any |
| 5.\" purpose with or without fee is hereby granted, provided that the above 6.\" copyright notice and this permission notice appear in all copies. 7.\" 8.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 9.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 10.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 11.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 12.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 13.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 14.\" PERFORMANCE OF THIS SOFTWARE. 15.\" | 5.\" purpose with or without fee is hereby granted, provided that the above 6.\" copyright notice and this permission notice appear in all copies. 7.\" 8.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 9.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 10.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 11.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 12.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 13.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 14.\" PERFORMANCE OF THIS SOFTWARE. 15.\" |
| 16.\" $Id: dnssec-keygen.8,v 1.40 2008/10/15 01:11:35 tbox Exp $ | 16.\" $Id: dnssec-keygen.8,v 1.40.44.4 2010/01/16 01:55:32 tbox Exp $ |
| 17.\" 18.hy 0 19.ad l 20.\" Title: dnssec\-keygen 21.\" Author: 22.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> 23.\" Date: June 30, 2000 24.\" Manual: BIND9 --- 8 unchanged lines hidden (view full) --- 33dnssec\-keygen \- DNSSEC key generation tool 34.SH "SYNOPSIS" 35.HP 14 36\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-k\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name} 37.SH "DESCRIPTION" 38.PP 39\fBdnssec\-keygen\fR 40generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845. | 17.\" 18.hy 0 19.ad l 20.\" Title: dnssec\-keygen 21.\" Author: 22.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/> 23.\" Date: June 30, 2000 24.\" Manual: BIND9 --- 8 unchanged lines hidden (view full) --- 33dnssec\-keygen \- DNSSEC key generation tool 34.SH "SYNOPSIS" 35.HP 14 36\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-k\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name} 37.SH "DESCRIPTION" 38.PP 39\fBdnssec\-keygen\fR 40generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845. |
| 41.PP 42The 43\fBname\fR 44of the key is specified on the command line. For DNSSEC keys, this must match the name of the zone for which the key is being generated. |
|
| 41.SH "OPTIONS" 42.PP 43\-a \fIalgorithm\fR 44.RS 4 | 45.SH "OPTIONS" 46.PP 47\-a \fIalgorithm\fR 48.RS 4 |
| 45Selects the cryptographic algorithm. The value of | 49Selects the cryptographic algorithm. For DNSSEC keys, the value of |
| 46\fBalgorithm\fR | 50\fBalgorithm\fR |
| 47must be one of RSAMD5 (RSA) or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive. | 51must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive. |
| 48.sp 49Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory. 50.sp 51Note 2: HMAC\-MD5 and DH automatically set the \-k flag. 52.RE 53.PP 54\-b \fIkeysize\fR 55.RS 4 | 52.sp 53Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory. 54.sp 55Note 2: HMAC\-MD5 and DH automatically set the \-k flag. 56.RE 57.PP 58\-b \fIkeysize\fR 59.RS 4 |
| 56Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits. | 60Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits. |
| 57.RE 58.PP 59\-n \fInametype\fR 60.RS 4 61Specifies the owner type of the key. The value of 62\fBnametype\fR 63must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. Defaults to ZONE for DNSKEY generation. 64.RE --- 119 unchanged lines hidden (view full) --- 184and 185\fIKexample.com.+003+26160.private\fR. 186.SH "SEE ALSO" 187.PP 188\fBdnssec\-signzone\fR(8), 189BIND 9 Administrator Reference Manual, 190RFC 2539, 191RFC 2845, | 61.RE 62.PP 63\-n \fInametype\fR 64.RS 4 65Specifies the owner type of the key. The value of 66\fBnametype\fR 67must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. Defaults to ZONE for DNSKEY generation. 68.RE --- 119 unchanged lines hidden (view full) --- 188and 189\fIKexample.com.+003+26160.private\fR. 190.SH "SEE ALSO" 191.PP 192\fBdnssec\-signzone\fR(8), 193BIND 9 Administrator Reference Manual, 194RFC 2539, 195RFC 2845, |
| 192RFC 4033. | 196RFC 4034. |
| 193.SH "AUTHOR" 194.PP 195Internet Systems Consortium 196.SH "COPYRIGHT" | 197.SH "AUTHOR" 198.PP 199Internet Systems Consortium 200.SH "COPYRIGHT" |
| 197Copyright \(co 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC") | 201Copyright \(co 2004, 2005, 2007\-2010 Internet Systems Consortium, Inc. ("ISC") |
| 198.br 199Copyright \(co 2000\-2003 Internet Software Consortium. 200.br | 202.br 203Copyright \(co 2000\-2003 Internet Software Consortium. 204.br |