← Back to branch summary

~kernevil/ubuntu/trusty/bind9/sdlz-hmac-keys

« back to all changes in this revision

Viewing changes to doc/arm/man.dnssec-keygen.html

  • Committer: Package Import Robot
  • Author(s): LaMont Jones, Matthew Grant, LaMont Jones
  • Date: 2012-10-29 08:37:49 UTC
  • mfrom: (1.9.2)
  • Revision ID: package-import@ubuntu.com-20121029083749-r9inpzl0yuj9xdlu
Tags: 1:9.8.4.dfsg-1
[Matthew Grant]

* Turn off dlopen as it was causing test compile failures.
* Add missing library .postrm files for debhelper

[LaMont Jones]

* New upstream version
* soname fixup
* Ack NMUs

Show diffs side-by-side

added added

removed removed

Lines of Context:
doc/arm/man.dnssec-keygen.html
1
1
<!--
2
 
 - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
 
2
 - Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
3
3
 - Copyright (C) 2000-2003 Internet Software Consortium.
4
4
 - 
5
5
 - Permission to use, copy, modify, and/or distribute this software for any
14
14
 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15
15
 - PERFORMANCE OF THIS SOFTWARE.
16
16
-->
17
 
<!-- $Id: man.dnssec-keygen.html,v 1.179.8.10 2011-08-03 02:35:10 tbox Exp $ -->
 
17
<!-- $Id$ -->
18
18
<html>
19
19
<head>
20
20
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
50
50
<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
51
51
</div>
52
52
<div class="refsect1" lang="en">
53
 
<a name="id2614380"></a><h2>DESCRIPTION</h2>
 
53
<a name="id2613979"></a><h2>DESCRIPTION</h2>
54
54
<p><span><strong class="command">dnssec-keygen</strong></span>
55
55
      generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
56
56
      and RFC 4034.  It can also generate keys for use with
64
64
    </p>
65
65
</div>
66
66
<div class="refsect1" lang="en">
67
 
<a name="id2614401"></a><h2>OPTIONS</h2>
 
67
<a name="id2614068"></a><h2>OPTIONS</h2>
68
68
<div class="variablelist"><dl>
69
69
<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
70
70
<dd>
71
71
<p>
72
72
            Selects the cryptographic algorithm.  For DNSSEC keys, the value
73
73
            of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
74
 
            DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
 
74
            DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
 
75
            ECDSAP256SHA256 or ECDSAP384SHA384.
75
76
            For TSIG/TKEY, the value must
76
77
            be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
77
78
            HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
102
103
            between 512 and 2048 bits.  Diffie Hellman keys must be between
103
104
            128 and 4096 bits.  DSA keys must be between 512 and 1024
104
105
            bits and an exact multiple of 64.  HMAC keys must be
105
 
            between 1 and 512 bits.
 
106
            between 1 and 512 bits. Elliptic curve algorithms don't need
 
107
            this parameter.
106
108
          </p>
107
109
<p>
108
110
            The key size does not need to be specified if using a default
129
131
            Use an NSEC3-capable algorithm to generate a DNSSEC key.
130
132
            If this option is used and no algorithm is explicitly
131
133
            set on the command line, NSEC3RSASHA1 will be used by
132
 
            default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms
 
134
            default. Note that RSASHA256, RSASHA512, ECCGOST,
 
135
            ECDSAP256SHA256 and ECDSAP384SHA384 algorithms
133
136
            are NSEC3-capable.
134
137
          </p></dd>
135
138
<dt><span class="term">-C</span></dt>
266
269
</dl></div>
267
270
</div>
268
271
<div class="refsect1" lang="en">
269
 
<a name="id2667754"></a><h2>TIMING OPTIONS</h2>
 
272
<a name="id2666124"></a><h2>TIMING OPTIONS</h2>
270
273
<p>
271
274
      Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
272
275
      If the argument begins with a '+' or '-', it is interpreted as
337
340
</dl></div>
338
341
</div>
339
342
<div class="refsect1" lang="en">
340
 
<a name="id2667944"></a><h2>GENERATED KEYS</h2>
 
343
<a name="id2666314"></a><h2>GENERATED KEYS</h2>
341
344
<p>
342
345
      When <span><strong class="command">dnssec-keygen</strong></span> completes
343
346
      successfully,
383
386
    </p>
384
387
</div>
385
388
<div class="refsect1" lang="en">
386
 
<a name="id2668052"></a><h2>EXAMPLE</h2>
 
389
<a name="id2666422"></a><h2>EXAMPLE</h2>
387
390
<p>
388
391
      To generate a 768-bit DSA key for the domain
389
392
      <strong class="userinput"><code>example.com</code></strong>, the following command would be
404
407
    </p>
405
408
</div>
406
409
<div class="refsect1" lang="en">
407
 
<a name="id2668245"></a><h2>SEE ALSO</h2>
 
410
<a name="id2666478"></a><h2>SEE ALSO</h2>
408
411
<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
409
412
      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
410
413
      <em class="citetitle">RFC 2539</em>,
413
416
    </p>
414
417
</div>
415
418
<div class="refsect1" lang="en">
416
 
<a name="id2668276"></a><h2>AUTHOR</h2>
 
419
<a name="id2666509"></a><h2>AUTHOR</h2>
417
420
<p><span class="corpauthor">Internet Systems Consortium</span>
418
421
    </p>
419
422
</div>