contrib/bind9/bin/dnssec/dnssec-revoke.docbook

   1 <!--
   2  - Copyright (C) 2009, 2011, 2014, 2015  Internet Systems Consortium, Inc. ("ISC")
   3  -
   4  - Permission to use, copy, modify, and/or distribute this software for any
   5  - purpose with or without fee is hereby granted, provided that the above
   6  - copyright notice and this permission notice appear in all copies.
   7  -
   8  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
   9  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  10  - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  11  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  12  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  13  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  14  - PERFORMANCE OF THIS SOFTWARE.
  15 -->
  16
  17 <!-- Converted by db4-upgrade version 1.0 -->
  18 <refentry xmlns="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-revoke">
  19   <info>
  20     <date>2011-10-20</date>
  21   </info>
  22
  23   <refmeta>
  24     <refentrytitle><application>dnssec-revoke</application></refentrytitle>
  25     <manvolnum>8</manvolnum>
  26     <refmiscinfo>BIND9</refmiscinfo>
  27   </refmeta>
  28
  29   <refnamediv>
  30     <refname><application>dnssec-revoke</application></refname>
  31     <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
  32   </refnamediv>
  33
  34   <docinfo>
  35     <copyright>
  36       <year>2009</year>
  37       <year>2011</year>
  38       <year>2014</year>
  39       <year>2015</year>
  40       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
  41     </copyright>
  42   </docinfo>
  43
  44   <refsynopsisdiv>
  45     <cmdsynopsis sepchar=" ">
  46       <command>dnssec-revoke</command>
  47       <arg choice="opt" rep="norepeat"><option>-hr</option></arg>
  48       <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
  49       <arg choice="opt" rep="norepeat"><option>-V</option></arg>
  50       <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
  51       <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
  52       <arg choice="opt" rep="norepeat"><option>-f</option></arg>
  53       <arg choice="opt" rep="norepeat"><option>-R</option></arg>
  54       <arg choice="req" rep="norepeat">keyfile</arg>
  55     </cmdsynopsis>
  56   </refsynopsisdiv>
  57
  58   <refsection><info><title>DESCRIPTION</title></info>
  59
  60     <para><command>dnssec-revoke</command>
  61       reads a DNSSEC key file, sets the REVOKED bit on the key as defined
  62       in RFC 5011, and creates a new pair of key files containing the
  63       now-revoked key.
  64     </para>
  65   </refsection>
  66
  67   <refsection><info><title>OPTIONS</title></info>
  68
  69
  70     <variablelist>
  71       <varlistentry>
  72         <term>-h</term>
  73         <listitem>
  74           <para>
  75             Emit usage message and exit.
  76           </para>
  77         </listitem>
  78       </varlistentry>
  79
  80       <varlistentry>
  81         <term>-K <replaceable class="parameter">directory</replaceable></term>
  82         <listitem>
  83           <para>
  84             Sets the directory in which the key files are to reside.
  85           </para>
  86         </listitem>
  87       </varlistentry>
  88
  89       <varlistentry>
  90         <term>-r</term>
  91         <listitem>
  92           <para>
  93             After writing the new keyset files remove the original keyset
  94             files.
  95           </para>
  96         </listitem>
  97       </varlistentry>
  98
  99       <varlistentry>
 100         <term>-v <replaceable class="parameter">level</replaceable></term>
 101         <listitem>
 102           <para>
 103             Sets the debugging level.
 104           </para>
 105         </listitem>
 106       </varlistentry>
 107
 108       <varlistentry>
 109         <term>-V</term>
 110         <listitem>
 111           <para>
 112             Prints version information.
 113           </para>
 114         </listitem>
 115       </varlistentry>
 116
 117       <varlistentry>
 118         <term>-E <replaceable class="parameter">engine</replaceable></term>
 119         <listitem>
 120           <para>
 121             Use the given OpenSSL engine. When compiled with PKCS#11 support
 122             it defaults to pkcs11; the empty name resets it to no engine.
 123           </para>
 124         </listitem>
 125       </varlistentry>
 126
 127       <varlistentry>
 128         <term>-f</term>
 129         <listitem>
 130           <para>
 131             Force overwrite: Causes <command>dnssec-revoke</command> to
 132             write the new key pair even if a file already exists matching
 133             the algorithm and key ID of the revoked key.
 134           </para>
 135         </listitem>
 136       </varlistentry>
 137
 138       <varlistentry>
 139         <term>-R</term>
 140         <listitem>
 141           <para>
 142             Print the key tag of the key with the REVOKE bit set but do
 143             not revoke the key.
 144           </para>
 145         </listitem>
 146       </varlistentry>
 147     </variablelist>
 148   </refsection>
 149
 150   <refsection><info><title>SEE ALSO</title></info>
 151
 152     <para><citerefentry>
 153         <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
 154       </citerefentry>,
 155       <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
 156       <citetitle>RFC 5011</citetitle>.
 157     </para>
 158   </refsection>
 159
 160 </refentry>