1224090Sdougb<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
2224090Sdougb               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
3224090Sdougb               [<!ENTITY mdash "&#8212;">]>
4224090Sdougb<!--
5234010Sdougb - Copyright (C) 2009, 2011  Internet Systems Consortium, Inc. ("ISC")
6224090Sdougb -
7224090Sdougb - Permission to use, copy, modify, and/or distribute this software for any
8224090Sdougb - purpose with or without fee is hereby granted, provided that the above
9224090Sdougb - copyright notice and this permission notice appear in all copies.
10224090Sdougb -
11224090Sdougb - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
12224090Sdougb - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
13224090Sdougb - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
14224090Sdougb - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
15224090Sdougb - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
16224090Sdougb - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
17224090Sdougb - PERFORMANCE OF THIS SOFTWARE.
18224090Sdougb-->
19224090Sdougb
20254897Serwin<!-- $Id: dnssec-revoke.docbook,v 1.9 2011/10/20 23:46:51 tbox Exp $ -->
21224090Sdougb<refentry id="man.dnssec-revoke">
22224090Sdougb  <refentryinfo>
23224090Sdougb    <date>June 1, 2009</date>
24224090Sdougb  </refentryinfo>
25224090Sdougb
26224090Sdougb  <refmeta>
27224090Sdougb    <refentrytitle><application>dnssec-revoke</application></refentrytitle>
28224090Sdougb    <manvolnum>8</manvolnum>
29224090Sdougb    <refmiscinfo>BIND9</refmiscinfo>
30224090Sdougb  </refmeta>
31224090Sdougb
32224090Sdougb  <refnamediv>
33224090Sdougb    <refname><application>dnssec-revoke</application></refname>
34224090Sdougb    <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
35224090Sdougb  </refnamediv>
36224090Sdougb
37224090Sdougb  <docinfo>
38224090Sdougb    <copyright>
39224090Sdougb      <year>2009</year>
40234010Sdougb      <year>2011</year>
41224090Sdougb      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
42224090Sdougb    </copyright>
43224090Sdougb  </docinfo>
44224090Sdougb
45224090Sdougb  <refsynopsisdiv>
46224090Sdougb    <cmdsynopsis>
47224090Sdougb      <command>dnssec-revoke</command>
48224090Sdougb      <arg><option>-hr</option></arg>
49224090Sdougb      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
50224090Sdougb      <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
51224090Sdougb      <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
52224090Sdougb      <arg><option>-f</option></arg>
53234010Sdougb      <arg><option>-R</option></arg>
54224090Sdougb      <arg choice="req">keyfile</arg>
55224090Sdougb    </cmdsynopsis>
56224090Sdougb  </refsynopsisdiv>
57224090Sdougb
58224090Sdougb  <refsect1>
59224090Sdougb    <title>DESCRIPTION</title>
60224090Sdougb    <para><command>dnssec-revoke</command>
61224090Sdougb      reads a DNSSEC key file, sets the REVOKED bit on the key as defined
62224090Sdougb      in RFC 5011, and creates a new pair of key files containing the
63224090Sdougb      now-revoked key.
64224090Sdougb    </para>
65224090Sdougb  </refsect1>
66224090Sdougb
67224090Sdougb  <refsect1>
68224090Sdougb    <title>OPTIONS</title>
69224090Sdougb
70224090Sdougb    <variablelist>
71224090Sdougb      <varlistentry>
72224090Sdougb	<term>-h</term>
73224090Sdougb        <listitem>
74224090Sdougb	  <para>
75224090Sdougb	    Emit usage message and exit.
76224090Sdougb	  </para>
77224090Sdougb        </listitem>
78224090Sdougb      </varlistentry>
79224090Sdougb  
80224090Sdougb      <varlistentry>
81224090Sdougb        <term>-K <replaceable class="parameter">directory</replaceable></term>
82224090Sdougb        <listitem>
83224090Sdougb          <para>
84224090Sdougb            Sets the directory in which the key files are to reside.
85224090Sdougb          </para>
86224090Sdougb        </listitem>
87224090Sdougb      </varlistentry>
88224090Sdougb
89224090Sdougb      <varlistentry>
90224090Sdougb	<term>-r</term>
91224090Sdougb        <listitem>
92224090Sdougb	  <para>
93224090Sdougb	    After writing the new keyset files remove the original keyset
94224090Sdougb	    files.
95224090Sdougb	  </para>
96224090Sdougb        </listitem>
97224090Sdougb      </varlistentry>
98224090Sdougb
99224090Sdougb      <varlistentry>
100224090Sdougb        <term>-v <replaceable class="parameter">level</replaceable></term>
101224090Sdougb        <listitem>
102224090Sdougb          <para>
103224090Sdougb            Sets the debugging level.
104224090Sdougb          </para>
105224090Sdougb        </listitem>
106224090Sdougb      </varlistentry>
107224090Sdougb
108224090Sdougb      <varlistentry>
109224090Sdougb        <term>-E <replaceable class="parameter">engine</replaceable></term>
110224090Sdougb        <listitem>
111224090Sdougb          <para>
112224090Sdougb            Use the given OpenSSL engine. When compiled with PKCS#11 support
113224090Sdougb            it defaults to pkcs11; the empty name resets it to no engine.
114224090Sdougb          </para>
115224090Sdougb        </listitem>
116224090Sdougb      </varlistentry>
117224090Sdougb
118224090Sdougb      <varlistentry>
119224090Sdougb        <term>-f</term>
120224090Sdougb        <listitem>
121224090Sdougb          <para>
122224090Sdougb            Force overwrite: Causes <command>dnssec-revoke</command> to
123224090Sdougb            write the new key pair even if a file already exists matching
124224090Sdougb            the algorithm and key ID of the revoked key.
125224090Sdougb          </para>
126224090Sdougb        </listitem>
127224090Sdougb      </varlistentry>
128234010Sdougb
129234010Sdougb      <varlistentry>
130234010Sdougb        <term>-R</term>
131234010Sdougb        <listitem>
132234010Sdougb          <para>
133234010Sdougb	    Print the key tag of the key with the REVOKE bit set but do
134234010Sdougb	    not revoke the key.
135234010Sdougb          </para>
136234010Sdougb        </listitem>
137234010Sdougb      </varlistentry>
138224090Sdougb    </variablelist>
139224090Sdougb  </refsect1>
140224090Sdougb
141224090Sdougb  <refsect1>
142224090Sdougb    <title>SEE ALSO</title>
143224090Sdougb    <para><citerefentry>
144224090Sdougb        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
145224090Sdougb      </citerefentry>,
146224090Sdougb      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
147224090Sdougb      <citetitle>RFC 5011</citetitle>.
148224090Sdougb    </para>
149224090Sdougb  </refsect1>
150224090Sdougb
151224090Sdougb  <refsect1>
152224090Sdougb    <title>AUTHOR</title>
153224090Sdougb    <para><corpauthor>Internet Systems Consortium</corpauthor>
154224090Sdougb    </para>
155224090Sdougb  </refsect1>
156224090Sdougb
157224090Sdougb</refentry><!--
158224090Sdougb - Local variables:
159224090Sdougb - mode: sgml
160224090Sdougb - End:
161224090Sdougb-->
162