blob: edb0c5f11781c0a1a9537652754f54f3a8432c8c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
|
.\" Man page generated from reStructuredText.
.
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.TH "DNSSEC-REVOKE" "1" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
.SH NAME
dnssec-revoke \- set the REVOKED bit on a DNSSEC key
.SH SYNOPSIS
.sp
\fBdnssec\-revoke\fP [\fB\-hr\fP] [\fB\-v\fP level] [\fB\-V\fP] [\fB\-K\fP directory] [\fB\-E\fP engine] [\fB\-f\fP] [\fB\-R\fP] {keyfile}
.SH DESCRIPTION
.sp
\fBdnssec\-revoke\fP reads a DNSSEC key file, sets the REVOKED bit on the
key as defined in \fI\%RFC 5011\fP, and creates a new pair of key files
containing the now\-revoked key.
.SH OPTIONS
.INDENT 0.0
.TP
.B \-h
This option emits a usage message and exits.
.UNINDENT
.INDENT 0.0
.TP
.B \-K directory
This option sets the directory in which the key files are to reside.
.UNINDENT
.INDENT 0.0
.TP
.B \-r
This option indicates to remove the original keyset files after writing the new keyset files.
.UNINDENT
.INDENT 0.0
.TP
.B \-v level
This option sets the debugging level.
.UNINDENT
.INDENT 0.0
.TP
.B \-V
This option prints version information.
.UNINDENT
.INDENT 0.0
.TP
.B \-E engine
This option specifies the cryptographic hardware to use, when applicable.
.sp
When BIND 9 is built with OpenSSL, this needs to be set to the OpenSSL
engine identifier that drives the cryptographic accelerator or
hardware service module (usually \fBpkcs11\fP).
.UNINDENT
.INDENT 0.0
.TP
.B \-f
This option indicates a forced overwrite and causes \fBdnssec\-revoke\fP to write the new key pair,
even if a file already exists matching the algorithm and key ID of
the revoked key.
.UNINDENT
.INDENT 0.0
.TP
.B \-R
This option prints the key tag of the key with the REVOKE bit set, but does not
revoke the key.
.UNINDENT
.SH SEE ALSO
.sp
\fI\%dnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 5011\fP\&.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
2023, Internet Systems Consortium
.\" Generated by docutils manpage writer.
.
|
