87b44b59c8
The -E option does not default to pkcs11 if --with-pkcs11 is set, but always needs to be set explicitly. (cherry picked from commit 0536375d4cf61c9b570a32e808dde78a7ef859bf)
87 lines
2.5 KiB
Plaintext
87 lines
2.5 KiB
Plaintext
.\" Man page generated from reStructuredText.
|
|
.
|
|
.TH "DNSSEC-REVOKE" "8" "@RELEASE_DATE@" "@BIND9_VERSION@" "BIND 9"
|
|
.SH NAME
|
|
dnssec-revoke \- set the REVOKED bit on a DNSSEC key
|
|
.
|
|
.nr rst2man-indent-level 0
|
|
.
|
|
.de1 rstReportMargin
|
|
\\$1 \\n[an-margin]
|
|
level \\n[rst2man-indent-level]
|
|
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
-
|
|
\\n[rst2man-indent0]
|
|
\\n[rst2man-indent1]
|
|
\\n[rst2man-indent2]
|
|
..
|
|
.de1 INDENT
|
|
.\" .rstReportMargin pre:
|
|
. RS \\$1
|
|
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
|
|
. nr rst2man-indent-level +1
|
|
.\" .rstReportMargin post:
|
|
..
|
|
.de UNINDENT
|
|
. RE
|
|
.\" indent \\n[an-margin]
|
|
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.nr rst2man-indent-level -1
|
|
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
|
|
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
|
|
..
|
|
.SH SYNOPSIS
|
|
.sp
|
|
\fBdnssec\-revoke\fP [\fB\-hr\fP] [\fB\-v\fP level] [\fB\-V\fP] [\fB\-K\fP directory] [\fB\-E\fP engine] [\fB\-f\fP] [\fB\-R\fP] {keyfile}
|
|
.SH DESCRIPTION
|
|
.sp
|
|
\fBdnssec\-revoke\fP reads a DNSSEC key file, sets the REVOKED bit on the
|
|
key as defined in \fI\%RFC 5011\fP, and creates a new pair of key files
|
|
containing the now\-revoked key.
|
|
.SH OPTIONS
|
|
.INDENT 0.0
|
|
.TP
|
|
.B \fB\-h\fP
|
|
This option emits a usage message and exits.
|
|
.TP
|
|
.B \fB\-K directory\fP
|
|
This option sets the directory in which the key files are to reside.
|
|
.TP
|
|
.B \fB\-r\fP
|
|
This option indicates to remove the original keyset files after writing the new keyset files.
|
|
.TP
|
|
.B \fB\-v level\fP
|
|
This option sets the debugging level.
|
|
.TP
|
|
.B \fB\-V\fP
|
|
This option prints version information.
|
|
.TP
|
|
.B \fB\-E engine\fP
|
|
This option specifies the cryptographic hardware to use, when applicable.
|
|
.sp
|
|
When BIND 9 is built with OpenSSL, this needs to be set to the OpenSSL
|
|
engine identifier that drives the cryptographic accelerator or
|
|
hardware service module (usually \fBpkcs11\fP). When BIND is
|
|
built with native PKCS#11 cryptography (\fB\-\-enable\-native\-pkcs11\fP), it
|
|
defaults to the path of the PKCS#11 provider library specified via
|
|
\fB\-\-with\-pkcs11\fP\&.
|
|
.TP
|
|
.B \fB\-f\fP
|
|
This option indicates a forced overwrite and causes \fBdnssec\-revoke\fP to write the new key pair,
|
|
even if a file already exists matching the algorithm and key ID of
|
|
the revoked key.
|
|
.TP
|
|
.B \fB\-R\fP
|
|
This option prints the key tag of the key with the REVOKE bit set, but does not
|
|
revoke the key.
|
|
.UNINDENT
|
|
.SH SEE ALSO
|
|
.sp
|
|
\fBdnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 5011\fP\&.
|
|
.SH AUTHOR
|
|
Internet Systems Consortium
|
|
.SH COPYRIGHT
|
|
2021, Internet Systems Consortium
|
|
.\" Generated by docutils manpage writer.
|
|
.
|