2 - Copyright (C) 2009, 2011, 2014, 2015 Internet Systems Consortium, Inc. ("ISC")
4 - Permission to use, copy, modify, and/or distribute this software for any
5 - purpose with or without fee is hereby granted, provided that the above
6 - copyright notice and this permission notice appear in all copies.
8 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 - PERFORMANCE OF THIS SOFTWARE.
17 <!-- Converted by db4-upgrade version 1.0 -->
18 <refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-revoke">
20 <date>2011-10-20</date>
24 <refentrytitle><application>dnssec-revoke</application></refentrytitle>
25 <manvolnum>8</manvolnum>
26 <refmiscinfo>BIND9</refmiscinfo>
30 <refname><application>dnssec-revoke</application></refname>
31 <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
40 <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
45 <cmdsynopsis sepchar=" ">
46 <command>dnssec-revoke</command>
47 <arg choice="opt" rep="norepeat"><option>-hr</option></arg>
48 <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
49 <arg choice="opt" rep="norepeat"><option>-V</option></arg>
50 <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
51 <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
52 <arg choice="opt" rep="norepeat"><option>-f</option></arg>
53 <arg choice="opt" rep="norepeat"><option>-R</option></arg>
54 <arg choice="req" rep="norepeat">keyfile</arg>
58 <refsection><info><title>DESCRIPTION</title></info>
60 <para><command>dnssec-revoke</command>
61 reads a DNSSEC key file, sets the REVOKED bit on the key as defined
62 in RFC 5011, and creates a new pair of key files containing the
67 <refsection><info><title>OPTIONS</title></info>
75 Emit usage message and exit.
81 <term>-K <replaceable class="parameter">directory</replaceable></term>
84 Sets the directory in which the key files are to reside.
93 After writing the new keyset files remove the original keyset
100 <term>-v <replaceable class="parameter">level</replaceable></term>
103 Sets the debugging level.
112 Prints version information.
118 <term>-E <replaceable class="parameter">engine</replaceable></term>
121 Use the given OpenSSL engine. When compiled with PKCS#11 support
122 it defaults to pkcs11; the empty name resets it to no engine.
131 Force overwrite: Causes <command>dnssec-revoke</command> to
132 write the new key pair even if a file already exists matching
133 the algorithm and key ID of the revoked key.
142 Print the key tag of the key with the REVOKE bit set but do
150 <refsection><info><title>SEE ALSO</title></info>
153 <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
155 <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
156 <citetitle>RFC 5011</citetitle>.