contrib/bind9/bin/dnssec/dnssec-revoke.docbook

   1 <!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
   2                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
   3                [<!ENTITY mdash "&#8212;">]>
   4 <!--
   5  - Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
   6  -
   7  - Permission to use, copy, modify, and/or distribute this software for any
   8  - purpose with or without fee is hereby granted, provided that the above
   9  - copyright notice and this permission notice appear in all copies.
  10  -
  11  - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
  12  - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
  13  - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
  14  - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
  15  - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
  16  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  17  - PERFORMANCE OF THIS SOFTWARE.
  18 -->
  19
  20 <!-- $Id: dnssec-revoke.docbook,v 1.7 2009-11-03 21:44:46 each Exp $ -->
  21 <refentry id="man.dnssec-revoke">
  22   <refentryinfo>
  23     <date>June 1, 2009</date>
  24   </refentryinfo>
  25
  26   <refmeta>
  27     <refentrytitle><application>dnssec-revoke</application></refentrytitle>
  28     <manvolnum>8</manvolnum>
  29     <refmiscinfo>BIND9</refmiscinfo>
  30   </refmeta>
  31
  32   <refnamediv>
  33     <refname><application>dnssec-revoke</application></refname>
  34     <refpurpose>Set the REVOKED bit on a DNSSEC key</refpurpose>
  35   </refnamediv>
  36
  37   <docinfo>
  38     <copyright>
  39       <year>2009</year>
  40       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
  41     </copyright>
  42   </docinfo>
  43
  44   <refsynopsisdiv>
  45     <cmdsynopsis>
  46       <command>dnssec-revoke</command>
  47       <arg><option>-hr</option></arg>
  48       <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
  49       <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
  50       <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
  51       <arg><option>-f</option></arg>
  52       <arg choice="req">keyfile</arg>
  53     </cmdsynopsis>
  54   </refsynopsisdiv>
  55
  56   <refsect1>
  57     <title>DESCRIPTION</title>
  58     <para><command>dnssec-revoke</command>
  59       reads a DNSSEC key file, sets the REVOKED bit on the key as defined
  60       in RFC 5011, and creates a new pair of key files containing the
  61       now-revoked key.
  62     </para>
  63   </refsect1>
  64
  65   <refsect1>
  66     <title>OPTIONS</title>
  67
  68     <variablelist>
  69       <varlistentry>
  70         <term>-h</term>
  71         <listitem>
  72           <para>
  73             Emit usage message and exit.
  74           </para>
  75         </listitem>
  76       </varlistentry>
  77
  78       <varlistentry>
  79         <term>-K <replaceable class="parameter">directory</replaceable></term>
  80         <listitem>
  81           <para>
  82             Sets the directory in which the key files are to reside.
  83           </para>
  84         </listitem>
  85       </varlistentry>
  86
  87       <varlistentry>
  88         <term>-r</term>
  89         <listitem>
  90           <para>
  91             After writing the new keyset files remove the original keyset
  92             files.
  93           </para>
  94         </listitem>
  95       </varlistentry>
  96
  97       <varlistentry>
  98         <term>-v <replaceable class="parameter">level</replaceable></term>
  99         <listitem>
 100           <para>
 101             Sets the debugging level.
 102           </para>
 103         </listitem>
 104       </varlistentry>
 105
 106       <varlistentry>
 107         <term>-E <replaceable class="parameter">engine</replaceable></term>
 108         <listitem>
 109           <para>
 110             Use the given OpenSSL engine. When compiled with PKCS#11 support
 111             it defaults to pkcs11; the empty name resets it to no engine.
 112           </para>
 113         </listitem>
 114       </varlistentry>
 115
 116       <varlistentry>
 117         <term>-f</term>
 118         <listitem>
 119           <para>
 120             Force overwrite: Causes <command>dnssec-revoke</command> to
 121             write the new key pair even if a file already exists matching
 122             the algorithm and key ID of the revoked key.
 123           </para>
 124         </listitem>
 125       </varlistentry>
 126     </variablelist>
 127   </refsect1>
 128
 129   <refsect1>
 130     <title>SEE ALSO</title>
 131     <para><citerefentry>
 132         <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
 133       </citerefentry>,
 134       <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
 135       <citetitle>RFC 5011</citetitle>.
 136     </para>
 137   </refsect1>
 138
 139   <refsect1>
 140     <title>AUTHOR</title>
 141     <para><corpauthor>Internet Systems Consortium</corpauthor>
 142     </para>
 143   </refsect1>
 144
 145 </refentry><!--
 146  - Local variables:
 147  - mode: sgml
 148  - End:
 149 -->