summaryrefslogtreecommitdiffstats
path: root/doc/man/dnssec-revoke.8in
diff options
context:
space:
mode:
Diffstat (limited to 'doc/man/dnssec-revoke.8in')
-rw-r--r--doc/man/dnssec-revoke.8in86
1 files changed, 86 insertions, 0 deletions
diff --git a/doc/man/dnssec-revoke.8in b/doc/man/dnssec-revoke.8in
new file mode 100644
index 0000000..2b40587
--- /dev/null
+++ b/doc/man/dnssec-revoke.8in
@@ -0,0 +1,86 @@
+.\" Man page generated from reStructuredText.
+.
+.
+.nr rst2man-indent-level 0
+.
+.de1 rstReportMargin
+\\$1 \\n[an-margin]
+level \\n[rst2man-indent-level]
+level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
+-
+\\n[rst2man-indent0]
+\\n[rst2man-indent1]
+\\n[rst2man-indent2]
+..
+.de1 INDENT
+.\" .rstReportMargin pre:
+. RS \\$1
+. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
+. nr rst2man-indent-level +1
+.\" .rstReportMargin post:
+..
+.de UNINDENT
+. RE
+.\" indent \\n[an-margin]
+.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.nr rst2man-indent-level -1
+.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
+.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
+..
+.TH "DNSSEC-REVOKE" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
+.SH NAME
+dnssec-revoke \- set the REVOKED bit on a DNSSEC key
+.SH SYNOPSIS
+.sp
+\fBdnssec\-revoke\fP [\fB\-hr\fP] [\fB\-v\fP level] [\fB\-V\fP] [\fB\-K\fP directory] [\fB\-E\fP engine] [\fB\-f\fP] [\fB\-R\fP] {keyfile}
+.SH DESCRIPTION
+.sp
+\fBdnssec\-revoke\fP reads a DNSSEC key file, sets the REVOKED bit on the
+key as defined in \fI\%RFC 5011\fP, and creates a new pair of key files
+containing the now\-revoked key.
+.SH OPTIONS
+.INDENT 0.0
+.TP
+.B \fB\-h\fP
+This option emits a usage message and exits.
+.TP
+.B \fB\-K directory\fP
+This option sets the directory in which the key files are to reside.
+.TP
+.B \fB\-r\fP
+This option indicates to remove the original keyset files after writing the new keyset files.
+.TP
+.B \fB\-v level\fP
+This option sets the debugging level.
+.TP
+.B \fB\-V\fP
+This option prints version information.
+.TP
+.B \fB\-E engine\fP
+This option specifies the cryptographic hardware to use, when applicable.
+.sp
+When BIND 9 is built with OpenSSL, this needs to be set to the OpenSSL
+engine identifier that drives the cryptographic accelerator or
+hardware service module (usually \fBpkcs11\fP). When BIND is
+built with native PKCS#11 cryptography (\fB\-\-enable\-native\-pkcs11\fP), it
+defaults to the path of the PKCS#11 provider library specified via
+\fB\-\-with\-pkcs11\fP\&.
+.TP
+.B \fB\-f\fP
+This option indicates a forced overwrite and causes \fBdnssec\-revoke\fP to write the new key pair,
+even if a file already exists matching the algorithm and key ID of
+the revoked key.
+.TP
+.B \fB\-R\fP
+This option prints the key tag of the key with the REVOKE bit set, but does not
+revoke the key.
+.UNINDENT
+.SH SEE ALSO
+.sp
+\fBdnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 5011\fP\&.
+.SH AUTHOR
+Internet Systems Consortium
+.SH COPYRIGHT
+2023, Internet Systems Consortium
+.\" Generated by docutils manpage writer.
+.