dnssec-signkey man page on Solaris

Man page or keyword search:  
man Server   20652 pages
apropos Keyword Search (all sections)
Output format
Solaris logo
[printable version]

dnssec-signkey(1M)	System Administration Commands	    dnssec-signkey(1M)

NAME
       dnssec-signkey - DNSSEC key set signing tool

SYNOPSIS
       dnssec-signkey  [-ahp]  [-c  class]  [-e	 end-time]  [-r randomdev] [-s
       start-time] [-v level] keyset key...

DESCRIPTION
       The dnssec-signkey utility signs a keyset. Typically the keyset will be
       for a child zone and will have been generated by dnssec-makekeyset(1M).
       The child zone's keyset is signed with the zone	keys  for  its	parent
       zone. The output file is of the form signedkey-nnnn., where nnnn is the
       zone name.

OPTIONS
       The following options are supported:

       -a	       Verify all generated signatures.

       -c class	       Specify the DNS class of the key sets.

       -e end-time     Specify the  date  and  time  when  the	generated  SIG
		       records expire. As with start-time, an absolute time is
		       indicated in YYYYMMDDHHMMSS notation. A	time  relative
		       to the start time is indicated with +N, which is N sec‐
		       onds from the start time. A time relative to  the  cur‐
		       rent  time  is  indicated with now+N. If no end-time is
		       specified, 30 days from the start time  is  used	 as  a
		       default.

       -h	       Prints  a short summary of the options and arguments to
		       dnssec-signkey().

       -p	       Use pseudo-random data when signing the zone.  This  is
		       faster,	but  less secure, than using real random data.
		       This option may be useful when signing large  zones  or
		       when the entropy source is limited.

       -r randomdev    Specify the source of randomness. If the operating sys‐
		       tem  does  not  provide	a  /dev/random	or  equivalent
		       device,	the  default  source of randomness is keyboard
		       input. randomdev specifies  the	name  of  a  character
		       device  or  file	 containing  random  data  to  be used
		       instead of the  default.	 The  special  value  keyboard
		       indicates that keyboard input should be used.

       -s start-time   Specify	the  date  and	time  when  the	 generated SIG
		       records become valid. This can be either an absolute or
		       relative time. An absolute start time is indicated by a
		       number  in  YYYYMMDDHHMMSS   notation;	20000530144500
		       denotes	14:45:00  UTC  on  May	30th, 2000. A relative
		       start time is indicated by +N, which is N seconds  from
		       the  current  time.  If no start-time is specified, the
		       current time is used.

       -v level	       Set the debugging level.

OPERANDS
       The following operands are supported:

       key	       The keys used to sign the child's keyset.

       keyset	       The file containing the child's keyset.

EXAMPLES
       Example 1: Sign the keyset file for example.com.

       The DNS administrator for a DNSSEC-aware .com zone would use  the  fol‐
       lowing  command	to  sign  the  keyset  file for example.com created by
       dnssec-makekeyset with a key generated by dnssec-keygen:

       dnssec-signkey keyset-example.com. Kcom.+003+51944

       In this example, dnssec-signkey creates the file signedkey-example.com,
       which  contains	the  example.com  keys	and the signatures by the .com
       keys.

ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:

       ┌─────────────────────────────┬─────────────────────────────┐
       │      ATTRIBUTE TYPE	     │	    ATTRIBUTE VALUE	   │
       │Availability		     │SUNWbind9			   │
       │Interface Stability	     │External			   │
       └─────────────────────────────┴─────────────────────────────┘

SEE ALSO
       dnssec-keygen(1M),     dnssec-makekeyset(1M),	  dnssec-signzone(1M),
       attributes(5)

NOTES
       Source for BIND9 is available in the SUNWbind9S package.

SunOS 5.10			  15 Dec 2004		    dnssec-signkey(1M)
[top]

List of man pages available for Solaris

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net