Update repub branch u/fanf2/patch to rebasing branch u/fanf2/rebasing revision v9_13_...
[ipreg/bind9.git] / bin / dnssec / dnssec-importkey.8
CommitLineData
b4d3f782 1.\" Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
66327219 2.\"
6807a2dc
TU
3.\" This Source Code Form is subject to the terms of the Mozilla Public
4.\" License, v. 2.0. If a copy of the MPL was not distributed with this
5.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
0c91911b 6.\"
0c91911b
MA
7.hy 0
8.ad l
2eeb74d1
TU
9'\" t
10.\" Title: dnssec-importkey
914ed533 11.\" Author:
26cde05d 12.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
e62b9c9c 13.\" Date: August 21, 2015
0c91911b 14.\" Manual: BIND9
2eeb74d1
TU
15.\" Source: ISC
16.\" Language: English
0c91911b 17.\"
e62b9c9c 18.TH "DNSSEC\-IMPORTKEY" "8" "August 21, 2015" "ISC" "BIND9"
2eeb74d1
TU
19.\" -----------------------------------------------------------------
20.\" * Define some portability stuff
21.\" -----------------------------------------------------------------
22.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
23.\" http://bugs.debian.org/507673
24.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
25.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
26.ie \n(.g .ds Aq \(aq
27.el .ds Aq '
28.\" -----------------------------------------------------------------
29.\" * set default formatting
30.\" -----------------------------------------------------------------
0c91911b
MA
31.\" disable hyphenation
32.nh
33.\" disable justification (adjust text to left margin only)
34.ad l
2eeb74d1
TU
35.\" -----------------------------------------------------------------
36.\" * MAIN CONTENT STARTS HERE *
37.\" -----------------------------------------------------------------
0c91911b 38.SH "NAME"
dec590a3 39dnssec-importkey \- import DNSKEY records from external systems so they can be managed
0c91911b 40.SH "SYNOPSIS"
26cde05d 41.HP \w'\fBdnssec\-importkey\fR\ 'u
e62b9c9c 42\fBdnssec\-importkey\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] {\fBkeyfile\fR}
26cde05d 43.HP \w'\fBdnssec\-importkey\fR\ 'u
e62b9c9c 44\fBdnssec\-importkey\fR {\fB\-f\ \fR\fB\fIfilename\fR\fR} [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fBdnsname\fR]
0c91911b
MA
45.SH "DESCRIPTION"
46.PP
47\fBdnssec\-importkey\fR
2eeb74d1 48reads a public DNSKEY record and generates a pair of \&.key/\&.private files\&. The DNSKEY record may be read from an existing \&.key file, in which case a corresponding \&.private file will be generated, or it may be read from any other file or from the standard input, in which case both \&.key and \&.private files will be generated\&.
914ed533 49.PP
2eeb74d1 50The newly\-created \&.private file does
914ed533 51\fInot\fR
2eeb74d1 52contain private key data, and cannot be used for signing\&. However, having a \&.private file makes it possible to set publication (\fB\-P\fR) and deletion (\fB\-D\fR) times for the key, which means the public key can be added to and removed from the DNSKEY RRset on schedule even if the true private key is stored offline\&.
0c91911b
MA
53.SH "OPTIONS"
54.PP
55\-f \fIfilename\fR
56.RS 4
914ed533 57Zone file mode: instead of a public keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
2eeb74d1
TU
58\fBfile\fR\&. If the domain name is the same as
59\fBfile\fR, then it may be omitted\&.
914ed533
TU
60.sp
61If
62\fBfile\fR
63is set to
2eeb74d1 64"\-", then the zone data is read from the standard input\&.
0c91911b
MA
65.RE
66.PP
67\-K \fIdirectory\fR
68.RS 4
2eeb74d1 69Sets the directory in which the key files are to reside\&.
0c91911b
MA
70.RE
71.PP
72\-L \fIttl\fR
73.RS 4
2eeb74d1 74Sets the default TTL to use for this key when it is converted into a DNSKEY RR\&. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence\&. Setting the default TTL to
0c91911b
MA
750
76or
77none
2eeb74d1 78removes it\&.
0c91911b
MA
79.RE
80.PP
81\-h
82.RS 4
2eeb74d1 83Emit usage message and exit\&.
0c91911b
MA
84.RE
85.PP
86\-v \fIlevel\fR
87.RS 4
2eeb74d1 88Sets the debugging level\&.
0c91911b 89.RE
6f120589
TU
90.PP
91\-V
92.RS 4
2eeb74d1 93Prints version information\&.
6f120589 94.RE
0c91911b
MA
95.SH "TIMING OPTIONS"
96.PP
2eeb74d1 97Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argument begins with a \*(Aq+\*(Aq or \*(Aq\-\*(Aq, it is interpreted as an offset from the present time\&. For convenience, if such an offset is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively\&. Without a suffix, the offset is computed in seconds\&. To explicitly prevent a date from being set, use \*(Aqnone\*(Aq or \*(Aqnever\*(Aq\&.
0c91911b
MA
98.PP
99\-P \fIdate/offset\fR
100.RS 4
2eeb74d1 101Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&.
0c91911b
MA
102.RE
103.PP
e62b9c9c
TU
104\-P sync \fIdate/offset\fR
105.RS 4
106Sets the date on which CDS and CDNSKEY records that match this key are to be published to the zone\&.
107.RE
108.PP
0c91911b
MA
109\-D \fIdate/offset\fR
110.RS 4
2eeb74d1 111Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
0c91911b 112.RE
e62b9c9c
TU
113.PP
114\-D sync \fIdate/offset\fR
115.RS 4
116Sets the date on which the CDS and CDNSKEY records that match this key are to be deleted\&.
117.RE
914ed533
TU
118.SH "FILES"
119.PP
120A keyfile can be designed by the key identification
2eeb74d1 121Knnnn\&.+aaa+iiiii
914ed533 122or the full file name
2eeb74d1 123Knnnn\&.+aaa+iiiii\&.key
914ed533 124as generated by
2eeb74d1 125dnssec\-keygen(8)\&.
0c91911b
MA
126.SH "SEE ALSO"
127.PP
2eeb74d1
TU
128\fBdnssec-keygen\fR(8),
129\fBdnssec-signzone\fR(8),
0c91911b 130BIND 9 Administrator Reference Manual,
2eeb74d1 131RFC 5011\&.
0c91911b
MA
132.SH "AUTHOR"
133.PP
2eeb74d1 134\fBInternet Systems Consortium, Inc\&.\fR
0c91911b 135.SH "COPYRIGHT"
2eeb74d1 136.br
b4d3f782 137Copyright \(co 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
0c91911b 138.br