2 - Copyright (C) 2009, 2011, 2014 Internet Systems Consortium, Inc. ("ISC")
4 - Permission to use, copy, modify, and/or distribute this software for any
5 - purpose with or without fee is hereby granted, provided that the above
6 - copyright notice and this permission notice appear in all copies.
8 - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
9 - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
10 - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
11 - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
12 - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
13 - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
14 - PERFORMANCE OF THIS SOFTWARE.
19 <meta http-equiv=
"Content-Type" content=
"text/html; charset=ISO-8859-1">
20 <title>dnssec-revoke
</title>
21 <meta name=
"generator" content=
"DocBook XSL Stylesheets V1.71.1">
23 <body bgcolor=
"white" text=
"black" link=
"#0000FF" vlink=
"#840084" alink=
"#0000FF"><div class=
"refentry" lang=
"en">
24 <a name=
"man.dnssec-revoke"></a><div class=
"titlepage"></div>
25 <div class=
"refnamediv">
27 <p><span class=
"application">dnssec-revoke
</span> — Set the REVOKED bit on a DNSSEC key
</p>
29 <div class=
"refsynopsisdiv">
31 <div class=
"cmdsynopsis"><p><code class=
"command">dnssec-revoke
</code> [
<code class=
"option">-hr
</code>] [
<code class=
"option">-v
<em class=
"replaceable"><code>level
</code></em></code>] [
<code class=
"option">-V
</code>] [
<code class=
"option">-K
<em class=
"replaceable"><code>directory
</code></em></code>] [
<code class=
"option">-E
<em class=
"replaceable"><code>engine
</code></em></code>] [
<code class=
"option">-f
</code>] [
<code class=
"option">-R
</code>] {keyfile}
</p></div>
33 <div class=
"refsect1" lang=
"en">
34 <a name=
"id2543397"></a><h2>DESCRIPTION
</h2>
35 <p><span><strong class=
"command">dnssec-revoke
</strong></span>
36 reads a DNSSEC key file, sets the REVOKED bit on the key as defined
37 in RFC
5011, and creates a new pair of key files containing the
41 <div class=
"refsect1" lang=
"en">
42 <a name=
"id2543409"></a><h2>OPTIONS
</h2>
43 <div class=
"variablelist"><dl>
44 <dt><span class=
"term">-h
</span></dt>
46 Emit usage message and exit.
48 <dt><span class=
"term">-K
<em class=
"replaceable"><code>directory
</code></em></span></dt>
50 Sets the directory in which the key files are to reside.
52 <dt><span class=
"term">-r
</span></dt>
54 After writing the new keyset files remove the original keyset
57 <dt><span class=
"term">-v
<em class=
"replaceable"><code>level
</code></em></span></dt>
59 Sets the debugging level.
61 <dt><span class=
"term">-V
</span></dt>
63 Prints version information.
65 <dt><span class=
"term">-E
<em class=
"replaceable"><code>engine
</code></em></span></dt>
68 Specifies the cryptographic hardware to use, when applicable.
71 When BIND is built with OpenSSL PKCS#
11 support, this defaults
72 to the string
"pkcs11", which identifies an OpenSSL engine
73 that can drive a cryptographic accelerator or hardware service
74 module. When BIND is built with native PKCS#
11 cryptography
75 (--enable-native-pkcs11), it defaults to the path of the PKCS#
11
76 provider library specified via
"--with-pkcs11".
79 <dt><span class=
"term">-f
</span></dt>
81 Force overwrite: Causes
<span><strong class=
"command">dnssec-revoke
</strong></span> to
82 write the new key pair even if a file already exists matching
83 the algorithm and key ID of the revoked key.
85 <dt><span class=
"term">-R
</span></dt>
87 Print the key tag of the key with the REVOKE bit set but do
92 <div class=
"refsect1" lang=
"en">
93 <a name=
"id2543544"></a><h2>SEE ALSO
</h2>
94 <p><span class=
"citerefentry"><span class=
"refentrytitle">dnssec-keygen
</span>(
8)
</span>,
95 <em class=
"citetitle">BIND
9 Administrator Reference Manual
</em>,
96 <em class=
"citetitle">RFC
5011</em>.
99 <div class=
"refsect1" lang=
"en">
100 <a name=
"id2543569"></a><h2>AUTHOR
</h2>
101 <p><span class=
"corpauthor">Internet Systems Consortium
</span>