/contrib/bind9/bin/dnssec/dnssec-revoke.docbook
Unknown | 161 lines | 144 code | 17 blank | 0 comment | 0 complexity | 6f8b63ae0323bf8d6a94ae1ab094eee5 MD5 | raw file
1<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN" 2 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" 3 [<!ENTITY mdash "—">]> 4<!-- 5 - Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC") 6 - 7 - Permission to use, copy, modify, and/or distribute this software for any 8 - purpose with or without fee is hereby granted, provided that the above 9 - copyright notice and this permission notice appear in all copies. 10 - 11 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 12 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 13 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 14 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 15 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 16 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 17 - PERFORMANCE OF THIS SOFTWARE. 18--> 19 20<!-- $Id: dnssec-revoke.docbook,v 1.7.266.2 2011/10/20 23:46:27 tbox Exp $ --> 21<refentry id="man.dnssec-revoke"> 22 <refentryinfo> 23 <date>June 1, 2009</date> 24 </refentryinfo> 25 26 <refmeta> 27 <refentrytitle><application>dnssec-revoke</application></refentrytitle> 28 <manvolnum>8</manvolnum> 29 <refmiscinfo>BIND9</refmiscinfo> 30 </refmeta> 31 32 <refnamediv> 33 <refname><application>dnssec-revoke</application></refname> 34 <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose> 35 </refnamediv> 36 37 <docinfo> 38 <copyright> 39 <year>2009</year> 40 <year>2011</year> 41 <holder>Internet Systems Consortium, Inc. ("ISC")</holder> 42 </copyright> 43 </docinfo> 44 45 <refsynopsisdiv> 46 <cmdsynopsis> 47 <command>dnssec-revoke</command> 48 <arg><option>-hr</option></arg> 49 <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg> 50 <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg> 51 <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg> 52 <arg><option>-f</option></arg> 53 <arg><option>-R</option></arg> 54 <arg choice="req">keyfile</arg> 55 </cmdsynopsis> 56 </refsynopsisdiv> 57 58 <refsect1> 59 <title>DESCRIPTION</title> 60 <para><command>dnssec-revoke</command> 61 reads a DNSSEC key file, sets the REVOKED bit on the key as defined 62 in RFC 5011, and creates a new pair of key files containing the 63 now-revoked key. 64 </para> 65 </refsect1> 66 67 <refsect1> 68 <title>OPTIONS</title> 69 70 <variablelist> 71 <varlistentry> 72 <term>-h</term> 73 <listitem> 74 <para> 75 Emit usage message and exit. 76 </para> 77 </listitem> 78 </varlistentry> 79 80 <varlistentry> 81 <term>-K <replaceable class="parameter">directory</replaceable></term> 82 <listitem> 83 <para> 84 Sets the directory in which the key files are to reside. 85 </para> 86 </listitem> 87 </varlistentry> 88 89 <varlistentry> 90 <term>-r</term> 91 <listitem> 92 <para> 93 After writing the new keyset files remove the original keyset 94 files. 95 </para> 96 </listitem> 97 </varlistentry> 98 99 <varlistentry> 100 <term>-v <replaceable class="parameter">level</replaceable></term> 101 <listitem> 102 <para> 103 Sets the debugging level. 104 </para> 105 </listitem> 106 </varlistentry> 107 108 <varlistentry> 109 <term>-E <replaceable class="parameter">engine</replaceable></term> 110 <listitem> 111 <para> 112 Use the given OpenSSL engine. When compiled with PKCS#11 support 113 it defaults to pkcs11; the empty name resets it to no engine. 114 </para> 115 </listitem> 116 </varlistentry> 117 118 <varlistentry> 119 <term>-f</term> 120 <listitem> 121 <para> 122 Force overwrite: Causes <command>dnssec-revoke</command> to 123 write the new key pair even if a file already exists matching 124 the algorithm and key ID of the revoked key. 125 </para> 126 </listitem> 127 </varlistentry> 128 129 <varlistentry> 130 <term>-R</term> 131 <listitem> 132 <para> 133 Print the key tag of the key with the REVOKE bit set but do 134 not revoke the key. 135 </para> 136 </listitem> 137 </varlistentry> 138 </variablelist> 139 </refsect1> 140 141 <refsect1> 142 <title>SEE ALSO</title> 143 <para><citerefentry> 144 <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum> 145 </citerefentry>, 146 <citetitle>BIND 9 Administrator Reference Manual</citetitle>, 147 <citetitle>RFC 5011</citetitle>. 148 </para> 149 </refsect1> 150 151 <refsect1> 152 <title>AUTHOR</title> 153 <para><corpauthor>Internet Systems Consortium</corpauthor> 154 </para> 155 </refsect1> 156 157</refentry><!-- 158 - Local variables: 159 - mode: sgml 160 - End: 161-->