dnssec-keyfromlabel man page on SunOS


dnssec-keyfromlabel(1M) System Administration Commands dnssec-keyfromlabel(1M)

NAME
       dnssec-keyfromlabel - DNSSEC key generation tool

SYNOPSIS
       dnssec-keyfromlabel -a algorithm -l label [-c class] [-f flag] [-k]
	    [-n nametype] [-p protocol] [-t type] [-v level] name

DESCRIPTION
       dnssec-keyfromlabel retrieves keys with a specified label from a crypto
       hardware device and builds key files for DNSSEC (Secure DNS), as
       defined in RFC 2535 and RFC 4034.

OPTIONS
       The following options are supported:

       -a algorithm

	   Selects the cryptographic algorithm. The value of algorithm must be
	   one of RSAMD5 (RSA) or RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, or  DH
	   (Diffie-Hellman). These values are case-insensitive.

	   Note that for DNSSEC, RSASHA1 is a mandatory-to-implement
	   algorithm, and DSA is recommended. Note also that DH automatically
	   sets the -k flag.

       -l label

	   Specifies the label of keys in the crypto hardware (PKCS#11)
	   device.

       -n nametype

	   Specifies the owner type of the key. The value of nametype must
	   either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY
	   (for a key associated with a host (KEY)), USER (for a key
	   associated with a user (KEY)), or OTHER (DNSKEY). These values are
	   case-insensitive.

       -c class

	   Indicates that the DNS record containing the key  should  have  the
	   specified class. If not specified, class IN is used.

       -f flag

	   Set the specified flag in the flag field of the KEY/DNSKEY record.
	   The only recognized flag is KSK (Key Signing Key) DNSKEY.

       -h

	   Displays a short summary of the options and arguments to
	   dnssec-keyfromlabel.

       -k

	   Generate KEY records rather than DNSKEY records.

       -p protocol

	   Sets the protocol value for the generated key. The protocol is a
	   number between 0 and 255. The default is 3 (DNSSEC). Other possible
	   values for this argument are listed in RFC 2535 and its successors.

       -t type

	   Indicates the use of the key. type must be one of AUTHCONF,
	   NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers
	   to the ability to authenticate data, and CONF the ability to
	   encrypt data.

       -v level

	   Sets the debugging level.

GENERATED KEY FILES
       When dnssec-keyfromlabel completes successfully, it displays a string
       of the form Knnnn.+aaa+iiiii to the standard output. This is an
       identification string for the key files it has generated, which
       translates as follows.

	   o	  nnnn is the key name.

	   o	  aaa is the numeric representation of the algorithm.

	   o	  iiiii is the key identifier (or footprint).

       dnssec-keyfromlabel creates two files, with names based on the
       displayed string. Knnnn.+aaa+iiiii.key contains the public key, and
       Knnnn.+aaa+iiiii.private contains the private key.

       The first file contains a DNS KEY record that can be inserted into a
       zone file (directly or with an $INCLUDE statement).

       The second file contains algorithm-specific fields. For obvious
       security reasons, this file does not have general read permission.
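
       The following script is an added example, not part of the original
       man page or of BIND: it splits an identification string of the form
       Knnnn.+aaa+iiiii into its fields and checks that both key files exist
       and that the .private file is closed to group and other. The function
       names, return codes and the sample identifier are assumptions made
       for illustration.

```sh
#!/bin/sh
# Added example: parse a Knnnn.+aaa+iiiii identifier and audit its key files.

# parse_key_id ID: print "name algorithm keyid"; return 1 if ID is malformed.
parse_key_id() {
    id=$1
    case $id in
        */*) return 1 ;;    # never let an identifier escape the key directory
        K*.+[0-9][0-9][0-9]+[0-9][0-9][0-9][0-9][0-9]) ;;
        *) return 1 ;;
    esac
    rest=${id#K}            # nnnn.+aaa+iiiii
    tag=${rest##*+}         # iiiii (key identifier)
    rest=${rest%+*}         # nnnn.+aaa
    alg=${rest##*+}         # aaa (numeric algorithm)
    name=${rest%.+*}        # nnnn (key name)
    [ -n "$name" ] || name=.    # an empty name is the root zone
    printf '%s %s %s\n' "$name" "$alg" "$tag"
}

# audit_key_files DIR ID
# Returns 0 = ok, 1 = malformed ID, 2 = a key file is missing,
# 3 = the .private file grants some group or other access. This is stricter
# than "no general read permission" and is a policy assumption of the example.
audit_key_files() {
    dir=$1
    kid=$2
    parse_key_id "$kid" >/dev/null || return 1
    [ -f "$dir/$kid.key" ] || return 2
    [ -f "$dir/$kid.private" ] || return 2
    # Characters 5-10 of the ls mode string are the group and other bits.
    mode=$(ls -ld "$dir/$kid.private" | cut -c5-10)
    [ "$mode" = "------" ] || return 3
    return 0
}

# Demo on constructed, empty stand-in files (no real key material).
demo_dir=$(mktemp -d)
demo_id='Kexample.com.+005+12345'
: > "$demo_dir/$demo_id.key"
: > "$demo_dir/$demo_id.private"
chmod 644 "$demo_dir/$demo_id.private"    # deliberately too open
parse_key_id "$demo_id"
audit_key_files "$demo_dir" "$demo_id" || echo "audit failed: status $?"
rm -rf "$demo_dir"
```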

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Availability		     │service/network/dns/bind	   │
       ├─────────────────────────────┼─────────────────────────────┤
       │Interface Stability	     │Volatile			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       dnssec-keygen(1M), dnssec-signzone(1M), attributes(5)

       RFC 2539, RFC 2845, RFC 4033

       See the BIND 9 Administrator's Reference Manual. As of the date of
       publication of this man page, this document is available at
       https://www.isc.org/software/bind/documentation.

SunOS 5.10			  11 Jan 2010	       dnssec-keyfromlabel(1M)