summaryrefslogtreecommitdiff
path: root/bin/dnssec/dnssec-keygen.html
diff options
context:
space:
mode:
Diffstat (limited to 'bin/dnssec/dnssec-keygen.html')
-rw-r--r--bin/dnssec/dnssec-keygen.html63
1 files changed, 31 insertions, 32 deletions
diff --git a/bin/dnssec/dnssec-keygen.html b/bin/dnssec/dnssec-keygen.html
index b90939d9..cd72fb22 100644
--- a/bin/dnssec/dnssec-keygen.html
+++ b/bin/dnssec/dnssec-keygen.html
@@ -15,7 +15,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
-<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.3 2004/03/08 04:04:17 marka Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.5.2.1.4.5 2004/06/11 02:32:45 marka Exp $ -->
<HTML
><HEAD
@@ -109,6 +109,9 @@ CLASS="OPTION"
>-h</TT
>] [<TT
CLASS="OPTION"
+>-k</TT
+>] [<TT
+CLASS="OPTION"
>-p <TT
CLASS="REPLACEABLE"
><I
@@ -152,7 +155,7 @@ CLASS="REPLACEABLE"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN51"
+NAME="AEN53"
></A
><H2
>DESCRIPTION</H2
@@ -161,7 +164,7 @@ NAME="AEN51"
CLASS="COMMAND"
>dnssec-keygen</B
> generates keys for DNSSEC
- (Secure DNS), as defined in RFC 2535. It can also generate
+ (Secure DNS), as defined in RFC 2535 and RFC &lt;TBA\&gt;. It can also generate
keys for use with TSIG (Transaction Signatures), as
defined in RFC 2845.
</P
@@ -169,7 +172,7 @@ CLASS="COMMAND"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN55"
+NAME="AEN57"
></A
><H2
>OPTIONS</H2
@@ -191,13 +194,16 @@ CLASS="REPLACEABLE"
<TT
CLASS="OPTION"
>algorithm</TT
-> must be one of RSAMD5 or RSA,
+> must be one of RSAMD5 (RSA) or RSASHA1,
DSA, DH (Diffie Hellman), or HMAC-MD5. These values
are case insensitive.
</P
><P
-> Note that for DNSSEC, DSA is a mandatory to implement algorithm,
- and RSA is recommended. For TSIG, HMAC-MD5 is mandatory.
+> Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm,
+ and DSA is recommended. For TSIG, HMAC-MD5 is mandatory.
+ </P
+><P
+> Note 2: HMAC-MD5 and DH automatically set the -k flag.
</P
></DD
><DT
@@ -210,7 +216,7 @@ CLASS="REPLACEABLE"
><DD
><P
> Specifies the number of bits in the key. The choice of key
- size depends on the algorithm used. RSA keys must be between
+ size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between
512 and 2048 bits. Diffie Hellman keys must be between
128 and 4096 bits. DSA keys must be between 512 and 1024
bits and an exact multiple of 64. HMAC-MD5 keys must be
@@ -231,8 +237,8 @@ CLASS="REPLACEABLE"
CLASS="OPTION"
>nametype</TT
> must either be ZONE (for a DNSSEC
- zone key), HOST or ENTITY (for a key associated with a host),
- or USER (for a key associated with a user). These values are
+ zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)),
+ USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are
case insensitive.
</P
></DD
@@ -253,7 +259,7 @@ CLASS="REPLACEABLE"
>-e</DT
><DD
><P
-> If generating an RSA key, use a large exponent.
+> If generating an RSAMD5/RSASHA1 key, use a large exponent.
</P
></DD
><DT
@@ -265,8 +271,8 @@ CLASS="REPLACEABLE"
></DT
><DD
><P
-> Set the specified flag in the flag field of the key record.
- The only recognized flag is KSK (Key Signing Key).
+> Set the specified flag in the flag field of the KEY/DNSKEY record.
+ The only recognized flag is KSK (Key Signing Key) DNSKEY.
</P
></DD
><DT
@@ -296,6 +302,13 @@ CLASS="COMMAND"
</P
></DD
><DT
+>-k</DT
+><DD
+><P
+> Generate KEY records rather than DNSKEY records.
+ </P
+></DD
+><DT
>-p <TT
CLASS="REPLACEABLE"
><I
@@ -388,7 +401,7 @@ CLASS="REPLACEABLE"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN129"
+NAME="AEN136"
></A
><H2
>GENERATED KEYS</H2
@@ -484,7 +497,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN156"
+NAME="AEN163"
></A
><H2
>EXAMPLE</H2
@@ -535,7 +548,7 @@ CLASS="FILENAME"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN169"
+NAME="AEN176"
></A
><H2
>SEE ALSO</H2
@@ -544,20 +557,6 @@ NAME="AEN169"
CLASS="CITEREFENTRY"
><SPAN
CLASS="REFENTRYTITLE"
->dnssec-makekeyset</SPAN
->(8)</SPAN
->,
- <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
->dnssec-signkey</SPAN
->(8)</SPAN
->,
- <SPAN
-CLASS="CITEREFENTRY"
-><SPAN
-CLASS="REFENTRYTITLE"
>dnssec-signzone</SPAN
>(8)</SPAN
>,
@@ -582,12 +581,12 @@ CLASS="CITETITLE"
><DIV
CLASS="REFSECT1"
><A
-NAME="AEN185"
+NAME="AEN186"
></A
><H2
>AUTHOR</H2
><P
-> Internet Software Consortium
+> Internet Systems Consortium
</P
></DIV
></BODY
generated by cgit v1.2.3 (git 2.39.1) at 2025-03-04 17:52:14 +0000