133 lines
3.3 KiB
Groff
133 lines
3.3 KiB
Groff
.\" Copyright (c) 1996,1999 by Internet Software Consortium
|
|
.\"
|
|
.\" Permission to use, copy, modify, and distribute this software for any
|
|
.\" purpose with or without fee is hereby granted, provided that the above
|
|
.\" copyright notice and this permission notice appear in all copies.
|
|
.\"
|
|
.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
|
|
.\" ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
|
|
.\" OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
|
|
.\" CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
|
|
.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
|
|
.\" PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
|
|
.\" ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
|
|
.\" SOFTWARE.
|
|
.\"
|
|
.\" $Id: dnskeygen.1,v 8.8 2002/04/22 04:27:19 marka Exp $
|
|
.\"
|
|
.Dd December 2, 1998
|
|
.Dt DNSKEYGEN @CMD_EXT_U@
|
|
.Os BSD 4
|
|
.Sh NAME
|
|
.Nm dnskeygen
|
|
.Nd "generate public, private, and shared secret keys for DNS Security"
|
|
.Sh SYNOPSIS
|
|
.Nm dnskeygen
|
|
.Oo
|
|
.Fl Op Cm DHR
|
|
.Ar size
|
|
.Oc
|
|
.Op Fl F
|
|
.Op Fl Cm zhu
|
|
.Op Fl Cm a
|
|
.Op Fl Cm c
|
|
.Op Fl Cm p Ar num
|
|
.Op Fl Cm s Ar num
|
|
.Fl n Ar name
|
|
.Sh DESCRIPTION
|
|
.Ic Dnskeygen
|
|
(DNS Key Generator) is a tool to generate and maintain keys for DNS Security
|
|
within the DNS (Domain Name System).
|
|
.Nm Dnskeygen
|
|
can generate public and private keys to authenticate zone data, and shared
|
|
secret keys to be used for Request/Transaction signatures.
|
|
.Bl -tag -width Fl
|
|
.It Fl D
|
|
Dnskeygen will generate a
|
|
.Ic DSA/DSS
|
|
key.
|
|
.Dq size
|
|
must be one of [512, 576, 640, 704, 768, 832, 896, 960, 1024].
|
|
.It Fl H
|
|
Dnskeygen will generate an
|
|
.Ic HMAC-MD5
|
|
key.
|
|
.Dq size
|
|
must be between 128 and 504.
|
|
.It Fl R
|
|
Dnskeygen will generate an
|
|
.Ic RSA
|
|
key.
|
|
.Dq size
|
|
must be between 512 and 4096.
|
|
.It Fl F
|
|
.Ic ( RSA only )
|
|
Use a large exponent for key generation.
|
|
.It Fl z Fl h Fl u
|
|
These flags define the type of key being generated: Zone (DNS validation) key,
|
|
Host (host or service) key or User (e.g. email) key, respectively.
|
|
Each key is only allowed to be one of these.
|
|
.It Fl a
|
|
Indicates that the key
|
|
.Ic CANNOT
|
|
be used for authentication.
|
|
.It Fl c
|
|
Indicates that the key
|
|
.Ic CANNOT
|
|
be used for encryption.
|
|
.It Fl p Ar num
|
|
Sets the key's protocol field to
|
|
.Ar num ;
|
|
the default is
|
|
.Ic 3
|
|
(DNSSEC) if
|
|
.Dq Fl z
|
|
or
|
|
.Dq Fl h
|
|
is specified and
|
|
.Ic 2
|
|
(EMAIL) otherwise. Other accepted values are
|
|
.Ic 1
|
|
(TLS),
|
|
.Ic 4
|
|
(IPSEC), and
|
|
.Ic 255
|
|
(ANY).
|
|
.It Fl s Ar num
|
|
Sets the key's strength field to
|
|
.Ar num ;
|
|
the default is
|
|
.Sy 0 .
|
|
.It Fl n Ar name
|
|
Sets the key's name to
|
|
.Ar name .
|
|
.El
|
|
.Ss DETAILS
|
|
.Ic Dnskeygen
|
|
stores each key in two files:
|
|
.Pa K<name>+<alg>+<footprint>.private
|
|
and
|
|
.Pa K<name>+<alg>+<footprint>.key
|
|
The file
|
|
.Pa K<name>+<alg>+<footprint>.private
|
|
contains the private key in a portable format. The file
|
|
.Pa K<name>+<alg>+<footprint>.key
|
|
contains the public key in the DNS zone file format:
|
|
.Pp
|
|
.D1 Ar <name> IN KEY <flags> <algorithm> <protocol> <exponent|modulus>
|
|
.Pp
|
|
.Sh ENVIRONMENT
|
|
No environmental variables are used.
|
|
.Sh SEE ALSO
|
|
.Em RFC 2065
|
|
on secure DNS and the
|
|
.Em TSIG
|
|
Internet Draft.
|
|
.Sh AUTHOR
|
|
Olafur Gudmundsson (ogud@tis.com).
|
|
.Sh ACKNOWLEDGMENTS
|
|
The underlying cryptographic math is done by the DNSSAFE and/or Foundation
|
|
Toolkit libraries.
|
|
.Sh BUGS
|
|
None are known at this time
|