diff options
Diffstat (limited to 'doc/man/dnssec-revoke.8in')
| -rw-r--r-- | doc/man/dnssec-revoke.8in | 86 |
1 files changed, 86 insertions, 0 deletions
diff --git a/doc/man/dnssec-revoke.8in b/doc/man/dnssec-revoke.8in new file mode 100644 index 0000000..2b40587 --- /dev/null +++ b/doc/man/dnssec-revoke.8in @@ -0,0 +1,86 @@ +.\" Man page generated from reStructuredText. +. +. +.nr rst2man-indent-level 0 +. +.de1 rstReportMargin +\\$1 \\n[an-margin] +level \\n[rst2man-indent-level] +level margin: \\n[rst2man-indent\\n[rst2man-indent-level]] +- +\\n[rst2man-indent0] +\\n[rst2man-indent1] +\\n[rst2man-indent2] +.. +.de1 INDENT +.\" .rstReportMargin pre: +. RS \\$1 +. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin] +. nr rst2man-indent-level +1 +.\" .rstReportMargin post: +.. +.de UNINDENT +. RE +.\" indent \\n[an-margin] +.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]] +.nr rst2man-indent-level -1 +.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]] +.in \\n[rst2man-indent\\n[rst2man-indent-level]]u +.. +.TH "DNSSEC-REVOKE" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9" +.SH NAME +dnssec-revoke \- set the REVOKED bit on a DNSSEC key +.SH SYNOPSIS +.sp +\fBdnssec\-revoke\fP [\fB\-hr\fP] [\fB\-v\fP level] [\fB\-V\fP] [\fB\-K\fP directory] [\fB\-E\fP engine] [\fB\-f\fP] [\fB\-R\fP] {keyfile} +.SH DESCRIPTION +.sp +\fBdnssec\-revoke\fP reads a DNSSEC key file, sets the REVOKED bit on the +key as defined in \fI\%RFC 5011\fP, and creates a new pair of key files +containing the now\-revoked key. +.SH OPTIONS +.INDENT 0.0 +.TP +.B \fB\-h\fP +This option emits a usage message and exits. +.TP +.B \fB\-K directory\fP +This option sets the directory in which the key files are to reside. +.TP +.B \fB\-r\fP +This option indicates to remove the original keyset files after writing the new keyset files. +.TP +.B \fB\-v level\fP +This option sets the debugging level. +.TP +.B \fB\-V\fP +This option prints version information. +.TP +.B \fB\-E engine\fP +This option specifies the cryptographic hardware to use, when applicable. +.sp +When BIND 9 is built with OpenSSL, this needs to be set to the OpenSSL +engine identifier that drives the cryptographic accelerator or +hardware service module (usually \fBpkcs11\fP). When BIND is +built with native PKCS#11 cryptography (\fB\-\-enable\-native\-pkcs11\fP), it +defaults to the path of the PKCS#11 provider library specified via +\fB\-\-with\-pkcs11\fP\&. +.TP +.B \fB\-f\fP +This option indicates a forced overwrite and causes \fBdnssec\-revoke\fP to write the new key pair, +even if a file already exists matching the algorithm and key ID of +the revoked key. +.TP +.B \fB\-R\fP +This option prints the key tag of the key with the REVOKE bit set, but does not +revoke the key. +.UNINDENT +.SH SEE ALSO +.sp +\fBdnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 5011\fP\&. +.SH AUTHOR +Internet Systems Consortium +.SH COPYRIGHT +2023, Internet Systems Consortium +.\" Generated by docutils manpage writer. +. |