
NAME

dnskeygen - generate public, private, and shared secret keys for DNS Security

SYNOPSIS

dnskeygen [-[DHR] size] [-F] -[zhu] [-a] [-c] [-p num] [-s num] -n name

DESCRIPTION

Dnskeygen (DNS Key Generator) is a tool to generate and maintain keys for DNS Security within the DNS (Domain Name System). Dnskeygen can generate public and private keys to authenticate zone data, and shared secret keys to be used for Request/Transaction signatures.

  • -D Dnskeygen will generate a DSA/DSS key. ``size'' must be one of [512, 576, 640, 704, 768, 832, 896, 960, 1024].
  • -H Dnskeygen will generate an HMAC-MD5 key. ``size'' must be between 128 and 504.
  • -R Dnskeygen will generate an RSA key. ``size'' must be between 512 and 4096.
  • -F (RSA only) Use a large exponent for key generation.
  • -z -h -u These flags define the type of key being generated: Zone (DNS validation) key, Host (host or service) key or User (e.g. email) key, respectively. Each key is only allowed to be one of these.
  • -a Indicates that the key CANNOT be used for authentication.
  • -c Indicates that the key CANNOT be used for encryption.
  • -p num Sets the key's protocol field to num; the default is 3 (DNSSEC) if ``-z'' or ``-h'' is specified and 2 (EMAIL) otherwise. Other accepted values are 1 (TLS), 4 (IPSEC), and 255 (ANY).
  • -s num Sets the key's strength field to num; the default is 0.
  • -n name Sets the key's name to name.

DETAILS

Dnskeygen stores each key in two files: K__ and K The file K contains the private key in a portable format. The file K contains the public key in the DNS zone file format:
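The option constraints listed under DESCRIPTION (allowed sizes per algorithm, a single key type, the protocol default and accepted values) can be checked before dnskeygen is invoked. The following is an added example, not part of the original man page or of the dnskeygen distribution; the function name `dnskeygen_check` and its one-line output format are assumptions made for illustration.

```shell
# Added example (not from the man page): validate a dnskeygen argument list
# against the constraints in the option list. dnskeygen itself is never run.
# dnskeygen_check and its one-line output format are hypothetical.
dnskeygen_check() (
    alg= size= ktype= ntypes=0 proto= name= large_exp=0
    fail() { echo "dnskeygen_check: $1" >&2; exit 1; }   # exits the subshell only
    OPTIND=1
    while getopts "D:H:R:Fzhuacp:s:n:" opt; do
        case $opt in
            D|H|R) [ -z "$alg" ] || fail "the synopsis allows a single -[DHR] size"
                   alg=$opt size=$OPTARG ;;
            F)     large_exp=1 ;;
            z|h|u) ktype=$opt ntypes=$((ntypes + 1)) ;;
            a|c|s) ;;                  # no constraint stated on the page
            p)     proto=$OPTARG ;;
            n)     name=$OPTARG ;;
            *)     exit 1 ;;           # getopts already reported the bad option
        esac
    done
    case $size in *[!0-9]*) fail "size must be a number" ;; esac
    case $alg in
        D) case $size in
               512|576|640|704|768|832|896|960|1024) ;;
               *) fail "DSA/DSS size must be one of 512, 576, 640, 704, 768, 832, 896, 960, 1024" ;;
           esac ;;
        H) [ "$size" -ge 128 ] && [ "$size" -le 504 ] ||
               fail "HMAC-MD5 size must be between 128 and 504" ;;
        R) [ "$size" -ge 512 ] && [ "$size" -le 4096 ] ||
               fail "RSA size must be between 512 and 4096" ;;
    esac
    [ "$large_exp" -eq 0 ] || [ "$alg" = R ] || fail "-F is for RSA keys only"
    [ "$ntypes" -eq 1 ] || fail "give exactly one of -z, -h, -u"
    [ -n "$name" ] || fail "-n name is required"
    if [ -z "$proto" ]; then           # documented default
        case $ktype in z|h) proto=3 ;; *) proto=2 ;; esac
    fi
    case $proto in
        1|2|3|4|255) ;;
        *) fail "protocol must be 1 (TLS), 2 (EMAIL), 3 (DNSSEC), 4 (IPSEC) or 255 (ANY)" ;;
    esac
    echo "alg=$alg size=$size type=$ktype proto=$proto name=$name"
)

# Constructed sample invocation: RSA zone key, protocol defaults to 3 (DNSSEC).
dnskeygen_check -R 1024 -z -n example.com
```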

ENVIRONMENT

No environmental variables are used.

SEE ALSO

RFC 2065 on secure DNS and the TSIG Internet Draft.

AUTHOR

Olafur Gudmundsson (ogud@tis.com).

ACKNOWLEDGMENTS

The underlying cryptographic math is done by the DNSSAFE and/or Foundation Toolkit libraries.

BUGS

None are known at this time.

4th Berkeley Distribution, December 2, 1998

