Annotated edit history of
dnskeygen(1) version 2, including all changes.
View license author blame.
Rev |
Author |
# |
Line |
1 |
perry |
1 |
---- |
|
|
2 |
__NAME__ |
|
|
3 |
|
|
|
4 |
|
|
|
5 |
dnskeygen - generate public, private, and shared secret keys |
|
|
6 |
for DNS Security |
|
|
7 |
__SYNOPSIS__ |
|
|
8 |
|
|
|
9 |
|
|
|
10 |
dnskeygen [[ |
|
|
11 |
-[[DHR] |
|
|
12 |
size |
|
|
13 |
] [[-F] -[[zhu] [[-a] [[-c] [[-p num][[-s num] -n name |
|
|
14 |
__DESCRIPTION__ |
|
|
15 |
|
|
|
16 |
|
|
|
17 |
Dnskeygen (DNS Key Generator) is a tool to generate and |
|
|
18 |
maintain keys for DNS Security within the DNS (Domain Name |
|
|
19 |
System). Dnskeygen can generate public and private keys to |
|
|
20 |
authenticate zone data, and shared secret keys to be used |
|
|
21 |
for Request/Transaction signatures. |
|
|
22 |
-D Dnskeygen will generate a DSA/DSS key. ``size''must be one of [[512, 576, 640, 704, 768, 832,896, 960, 1024]. |
|
|
23 |
|
|
|
24 |
|
|
|
25 |
-HDnskeygen will generate an HMAC-MD5 key.``size'' must be between 128 and 504.-RDnskeygen will generate an RSA key. ``size''must be between 512 and 4096.-F(RSA only) Use a large exponent for key genera-tion.-z -h -uThese flags define the type of key being gener-ated: Zone (DNS validation) key, Host (host orservice) key or User (e.g. email) key, respec-tively. Each key is only allowed to be one ofthese.-aIndicates that the key CANNOT be used for authen-tication.-cIndicates that the key CANNOT be used for encryp-tion.-p numSets the key's protocol field to num; the defaultis 3 (DNSSEC) if ``-z'' or ``-h'' is specifiedand 2 (EMAIL) otherwise. Other accepted valuesare 1 (TLS), 4 (IPSEC), and 255 (ANY).-s numSets the key's strength field to num; the defaultis __0__.-n nameSets the key's name to name.__DETAILS__Dnskeygen stores each key in two files:K__ and K The file K contains the private key in a portable format. The file K contains the public key in the DNS zone file format: |
|
|
26 |
|
|
|
27 |
|
|
|
28 |
|
|
|
29 |
|
|
|
30 |
__ENVIRONMENT__ |
|
|
31 |
|
|
|
32 |
|
|
|
33 |
No environmental variables are used. |
|
|
34 |
__SEE ALSO__ |
|
|
35 |
|
|
|
36 |
|
|
|
37 |
''RFC 2065'' on secure DNS and the ''TSIG'' Internet |
|
|
38 |
Draft. |
|
|
39 |
__AUTHOR__ |
|
|
40 |
|
|
|
41 |
|
|
|
42 |
Olafur Gudmundsson (ogud@tis.com). |
|
|
43 |
__ACKNOWLEDGMENTS__ |
|
|
44 |
|
|
|
45 |
|
|
|
46 |
The underlying cryptographic math is done by the DNSSAFE |
|
|
47 |
and/or Foundation Toolkit libraries. |
|
|
48 |
__BUGS__ |
|
|
49 |
|
|
|
50 |
|
|
|
51 |
None are known at this time |
|
|
52 |
|
|
|
53 |
|
2 |
perry |
54 |
4th Berkeley !DistributionDecember 2, 1998 1 |
1 |
perry |
55 |
---- |
This page is a man page (or other imported legacy content). We are unable to automatically determine the license status of this page.