DNSKEYGEN(1) BSD General Commands Manual DNSKEYGEN(1)
NAME
dnskeygen - generate public, private, and shared secret keys for DNS Security
SYNOPSIS
dnskeygen [-[DHR] size] [-F] -[zhu] [-a] [-c] [-p num] [-s num] -n name
DESCRIPTION
Dnskeygen (DNS Key Generator) is a tool to generate and maintain keys for DNS Security within the DNS (Domain Name System). Dnskeygen can generate public and private keys to authenticate zone data, and shared secret keys to be used for Request/Transaction signatures.
-D      Dnskeygen will generate a DSA/DSS key. "size" must be one of [512, 576, 640, 704, 768, 832, 896, 960, 1024].

-H      Dnskeygen will generate an HMAC-MD5 key. "size" must be between 128 and 504.

-R      Dnskeygen will generate an RSA key. "size" must be between 512 and 4096.

-F      (RSA only) Use a large exponent for key generation.

-z -h -u
        These flags define the type of key being generated: Zone (DNS validation) key, Host (host or service) key or User (e.g. email) key, respectively. Each key is only allowed to be one of these.

-a      Indicates that the key CANNOT be used for authentication.

-c      Indicates that the key CANNOT be used for encryption.

-p num  Sets the key's protocol field to num; the default is 3 (DNSSEC) if "-z" or "-h" is specified and 2 (EMAIL) otherwise. Other accepted values are 1 (TLS), 4 (IPSEC), and 255 (ANY).

-s num  Sets the key's strength field to num; the default is 0.

-n name Sets the key's name to name.

DETAILS
<name> IN KEY <flags> <algorithm> <protocol> <exponent|modulus>

ENVIRONMENT
No environmental variables are used.
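
The size, key-type and protocol rules listed under DESCRIPTION can be checked before a key is generated. The following Python sketch is an added example, not part of dnskeygen or of this manual page; the function name check_dnskeygen is hypothetical, and it assumes each option is passed as a separate argument.

```python
# Added example, not dnskeygen source: check an option list against DESCRIPTION.
DSA_SIZES = {512, 576, 640, 704, 768, 832, 896, 960, 1024}
PROTOCOLS = {1: "TLS", 2: "EMAIL", 3: "DNSSEC", 4: "IPSEC", 255: "ANY"}
KEY_TYPES = {"-z": "zone", "-h": "host", "-u": "user"}
SIZE_RULES = {"-D": lambda n: n in DSA_SIZES,    # DSA/DSS
              "-H": lambda n: 128 <= n <= 504,   # HMAC-MD5
              "-R": lambda n: 512 <= n <= 4096}  # RSA


def check_dnskeygen(argv):
    """Validate argv (program name excluded) and return the resolved settings."""
    alg = size = ktype = name = proto = None
    strength, switches = 0, set()
    args = iter(argv)
    for opt in args:
        if opt in ("-F", "-a", "-c"):
            switches.add(opt)
        elif opt in KEY_TYPES:
            if ktype is not None:
                raise ValueError("a key may be only one of -z, -h, -u")
            ktype = KEY_TYPES[opt]
        elif opt in SIZE_RULES or opt in ("-p", "-s", "-n"):
            val = next(args, "")  # empty string when the value is missing
            if opt == "-n":
                name = val
            elif not val.isdigit():
                raise ValueError(f"{opt} requires a number, got {val!r}")
            elif opt == "-p":
                proto = int(val)
            elif opt == "-s":
                strength = int(val)
            elif alg is not None:
                raise ValueError("only one of -D, -H, -R may be given")
            elif not SIZE_RULES[opt](int(val)):
                raise ValueError(f"size {val} is not valid for {opt}")
            else:
                alg, size = opt, int(val)
        else:
            raise ValueError(f"unknown option {opt!r}")
    if ktype is None or not name:
        raise ValueError("one of -z, -h, -u and -n name are required")
    if "-F" in switches and alg != "-R":
        raise ValueError("-F applies to RSA keys only")
    if proto is None:  # documented default: 3 for zone/host keys, 2 otherwise
        proto = 3 if ktype in ("zone", "host") else 2
    if proto not in PROTOCOLS:
        raise ValueError(f"protocol {proto} is not an accepted value")
    return {"alg": alg, "size": size, "type": ktype, "name": name, "strength": strength,
            "protocol": PROTOCOLS[proto], "switches": sorted(switches)}
```

With the constructed arguments -R 1024 -z -n example.com the protocol resolves to DNSSEC; a DSA size of 1000, or -F combined with -H, is rejected with a ValueError.
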
SEE ALSO
RFC 2065 on secure DNS and the TSIG Internet Draft.
AUTHOR
Olafur Gudmundsson (ogud@tis.com).
ACKNOWLEDGMENTS
The underlying cryptographic math is done by the DNSSAFE and/or Foundation Toolkit libraries.
BUGS
None are known at this time.

4th Berkeley Distribution December 2, 1998 4th Berkeley Distribution