Update repub branch u/fanf2/patch to rebasing branch u/fanf2/rebasing revision v9_13_...
[ipreg/bind9.git] / bin / dnssec / dnssec-importkey.8
1 .\" Copyright (C) 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
2 .\"
3 .\" This Source Code Form is subject to the terms of the Mozilla Public
4 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
5 .\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
6 .\"
7 .hy 0
8 .ad l
9 '\" t
10 .\" Title: dnssec-importkey
11 .\" Author:
12 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
13 .\" Date: August 21, 2015
14 .\" Manual: BIND9
15 .\" Source: ISC
16 .\" Language: English
17 .\"
18 .TH "DNSSEC\-IMPORTKEY" "8" "August 21, 2015" "ISC" "BIND9"
19 .\" -----------------------------------------------------------------
20 .\" * Define some portability stuff
21 .\" -----------------------------------------------------------------
22 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
23 .\" http://bugs.debian.org/507673
24 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
25 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
26 .ie \n(.g .ds Aq \(aq
27 .el .ds Aq '
28 .\" -----------------------------------------------------------------
29 .\" * set default formatting
30 .\" -----------------------------------------------------------------
31 .\" disable hyphenation
32 .nh
33 .\" disable justification (adjust text to left margin only)
34 .ad l
35 .\" -----------------------------------------------------------------
36 .\" * MAIN CONTENT STARTS HERE *
37 .\" -----------------------------------------------------------------
38 .SH "NAME"
39 dnssec-importkey \- import DNSKEY records from external systems so they can be managed
40 .SH "SYNOPSIS"
41 .HP \w'\fBdnssec\-importkey\fR\ 'u
42 \fBdnssec\-importkey\fR [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] {\fBkeyfile\fR}
43 .HP \w'\fBdnssec\-importkey\fR\ 'u
44 \fBdnssec\-importkey\fR {\fB\-f\ \fR\fB\fIfilename\fR\fR} [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-P\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ sync\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fBdnsname\fR]
45 .SH "DESCRIPTION"
46 .PP
47 \fBdnssec\-importkey\fR
48 reads a public DNSKEY record and generates a pair of \&.key/\&.private files\&. The DNSKEY record may be read from an existing \&.key file, in which case a corresponding \&.private file will be generated, or it may be read from any other file or from the standard input, in which case both \&.key and \&.private files will be generated\&.
49 .PP
50 The newly\-created \&.private file does
51 \fInot\fR
52 contain private key data, and cannot be used for signing\&. However, having a \&.private file makes it possible to set publication (\fB\-P\fR) and deletion (\fB\-D\fR) times for the key, which means the public key can be added to and removed from the DNSKEY RRset on schedule even if the true private key is stored offline\&.
53 .SH "OPTIONS"
54 .PP
55 \-f \fIfilename\fR
56 .RS 4
57 Zone file mode: instead of a public keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
58 \fBfile\fR\&. If the domain name is the same as
59 \fBfile\fR, then it may be omitted\&.
60 .sp
61 If
62 \fBfile\fR
63 is set to
64 "\-", then the zone data is read from the standard input\&.
65 .RE
66 .PP
67 \-K \fIdirectory\fR
68 .RS 4
69 Sets the directory in which the key files are to reside\&.
70 .RE
71 .PP
72 \-L \fIttl\fR
73 .RS 4
74 Sets the default TTL to use for this key when it is converted into a DNSKEY RR\&. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence\&. Setting the default TTL to
75 0
76 or
77 none
78 removes it\&.
79 .RE
80 .PP
81 \-h
82 .RS 4
83 Emit usage message and exit\&.
84 .RE
85 .PP
86 \-v \fIlevel\fR
87 .RS 4
88 Sets the debugging level\&.
89 .RE
90 .PP
91 \-V
92 .RS 4
93 Prints version information\&.
94 .RE
95 .SH "TIMING OPTIONS"
96 .PP
97 Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS\&. If the argument begins with a \*(Aq+\*(Aq or \*(Aq\-\*(Aq, it is interpreted as an offset from the present time\&. For convenience, if such an offset is followed by one of the suffixes \*(Aqy\*(Aq, \*(Aqmo\*(Aq, \*(Aqw\*(Aq, \*(Aqd\*(Aq, \*(Aqh\*(Aq, or \*(Aqmi\*(Aq, then the offset is computed in years (defined as 365 24\-hour days, ignoring leap years), months (defined as 30 24\-hour days), weeks, days, hours, or minutes, respectively\&. Without a suffix, the offset is computed in seconds\&. To explicitly prevent a date from being set, use \*(Aqnone\*(Aq or \*(Aqnever\*(Aq\&.
98 .PP
99 \-P \fIdate/offset\fR
100 .RS 4
101 Sets the date on which a key is to be published to the zone\&. After that date, the key will be included in the zone but will not be used to sign it\&.
102 .RE
103 .PP
104 \-P sync \fIdate/offset\fR
105 .RS 4
106 Sets the date on which CDS and CDNSKEY records that match this key are to be published to the zone\&.
107 .RE
108 .PP
109 \-D \fIdate/offset\fR
110 .RS 4
111 Sets the date on which the key is to be deleted\&. After that date, the key will no longer be included in the zone\&. (It may remain in the key repository, however\&.)
112 .RE
113 .PP
114 \-D sync \fIdate/offset\fR
115 .RS 4
116 Sets the date on which the CDS and CDNSKEY records that match this key are to be deleted\&.
117 .RE
118 .SH "FILES"
119 .PP
120 A keyfile can be designed by the key identification
121 Knnnn\&.+aaa+iiiii
122 or the full file name
123 Knnnn\&.+aaa+iiiii\&.key
124 as generated by
125 dnssec\-keygen(8)\&.
126 .SH "SEE ALSO"
127 .PP
128 \fBdnssec-keygen\fR(8),
129 \fBdnssec-signzone\fR(8),
130 BIND 9 Administrator Reference Manual,
131 RFC 5011\&.
132 .SH "AUTHOR"
133 .PP
134 \fBInternet Systems Consortium, Inc\&.\fR
135 .SH "COPYRIGHT"
136 .br
137 Copyright \(co 2013-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
138 .br