Files
bind9/doc/man/dnssec-revoke.1in

87 lines
2.6 KiB
Plaintext

.\" Man page generated from reStructuredText.
.
.TH "DNSSEC-REVOKE" "1" "@RELEASE_DATE@" "@PACKAGE_VERSION@" "BIND 9"
.SH NAME
dnssec-revoke \- set the REVOKED bit on a DNSSEC key
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH SYNOPSIS
.sp
\fBdnssec\-revoke\fP [\fB\-hr\fP] [\fB\-v\fP level] [\fB\-V\fP] [\fB\-K\fP directory] [\fB\-E\fP engine] [\fB\-f\fP] [\fB\-R\fP] {keyfile}
.SH DESCRIPTION
.sp
\fBdnssec\-revoke\fP reads a DNSSEC key file, sets the REVOKED bit on the
key as defined in \fI\%RFC 5011\fP, and creates a new pair of key files
containing the now\-revoked key.
.SH OPTIONS
.INDENT 0.0
.TP
.B \fB\-h\fP
This option emits a usage message and exits.
.TP
.B \fB\-K directory\fP
This option sets the directory in which the key files are to reside.
.TP
.B \fB\-r\fP
This option indicates to remove the original keyset files after writing the new keyset files.
.TP
.B \fB\-v level\fP
This option sets the debugging level.
.TP
.B \fB\-V\fP
This option prints version information.
.TP
.B \fB\-E engine\fP
This option specifies the cryptographic hardware to use, when applicable.
.sp
When BIND 9 is built with OpenSSL PKCS#11 support, this defaults to the
string \fBpkcs11\fP, which identifies an OpenSSL engine that can drive a
cryptographic accelerator or hardware service module. When BIND is
built with native PKCS#11 cryptography (\fB\-\-enable\-native\-pkcs11\fP), it
defaults to the path of the PKCS#11 provider library specified via
\fB\-\-with\-pkcs11\fP\&.
.TP
.B \fB\-f\fP
This option indicates a forced overwrite and causes \fBdnssec\-revoke\fP to write the new key pair,
even if a file already exists matching the algorithm and key ID of
the revoked key.
.TP
.B \fB\-R\fP
This option prints the key tag of the key with the REVOKE bit set, but does not
revoke the key.
.UNINDENT
.SH SEE ALSO
.sp
\fBdnssec\-keygen(8)\fP, BIND 9 Administrator Reference Manual, \fI\%RFC 5011\fP\&.
.SH AUTHOR
Internet Systems Consortium
.SH COPYRIGHT
2020, Internet Systems Consortium
.\" Generated by docutils manpage writer.
.