Update repub branch u/fanf2/patch to rebasing branch u/fanf2/rebasing revision v9_13_...
[ipreg/bind9.git] / bin / dnssec / dnssec-revoke.8
1 .\" Copyright (C) 2009, 2011, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
2 .\"
3 .\" This Source Code Form is subject to the terms of the Mozilla Public
4 .\" License, v. 2.0. If a copy of the MPL was not distributed with this
5 .\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
6 .\"
7 .hy 0
8 .ad l
9 '\" t
10 .\" Title: dnssec-revoke
11 .\" Author:
12 .\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
13 .\" Date: 2014-01-15
14 .\" Manual: BIND9
15 .\" Source: ISC
16 .\" Language: English
17 .\"
18 .TH "DNSSEC\-REVOKE" "8" "2014\-01\-15" "ISC" "BIND9"
19 .\" -----------------------------------------------------------------
20 .\" * Define some portability stuff
21 .\" -----------------------------------------------------------------
22 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
23 .\" http://bugs.debian.org/507673
24 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
25 .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
26 .ie \n(.g .ds Aq \(aq
27 .el .ds Aq '
28 .\" -----------------------------------------------------------------
29 .\" * set default formatting
30 .\" -----------------------------------------------------------------
31 .\" disable hyphenation
32 .nh
33 .\" disable justification (adjust text to left margin only)
34 .ad l
35 .\" -----------------------------------------------------------------
36 .\" * MAIN CONTENT STARTS HERE *
37 .\" -----------------------------------------------------------------
38 .SH "NAME"
39 dnssec-revoke \- set the REVOKED bit on a DNSSEC key
40 .SH "SYNOPSIS"
41 .HP \w'\fBdnssec\-revoke\fR\ 'u
42 \fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-V\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile}
43 .SH "DESCRIPTION"
44 .PP
45 \fBdnssec\-revoke\fR
46 reads a DNSSEC key file, sets the REVOKED bit on the key as defined in RFC 5011, and creates a new pair of key files containing the now\-revoked key\&.
47 .SH "OPTIONS"
48 .PP
49 \-h
50 .RS 4
51 Emit usage message and exit\&.
52 .RE
53 .PP
54 \-K \fIdirectory\fR
55 .RS 4
56 Sets the directory in which the key files are to reside\&.
57 .RE
58 .PP
59 \-r
60 .RS 4
61 After writing the new keyset files remove the original keyset files\&.
62 .RE
63 .PP
64 \-v \fIlevel\fR
65 .RS 4
66 Sets the debugging level\&.
67 .RE
68 .PP
69 \-V
70 .RS 4
71 Prints version information\&.
72 .RE
73 .PP
74 \-E \fIengine\fR
75 .RS 4
76 Specifies the cryptographic hardware to use, when applicable\&.
77 .sp
78 When BIND is built with OpenSSL PKCS#11 support, this defaults to the string "pkcs11", which identifies an OpenSSL engine that can drive a cryptographic accelerator or hardware service module\&. When BIND is built with native PKCS#11 cryptography (\-\-enable\-native\-pkcs11), it defaults to the path of the PKCS#11 provider library specified via "\-\-with\-pkcs11"\&.
79 .RE
80 .PP
81 \-f
82 .RS 4
83 Force overwrite: Causes
84 \fBdnssec\-revoke\fR
85 to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key\&.
86 .RE
87 .PP
88 \-R
89 .RS 4
90 Print the key tag of the key with the REVOKE bit set but do not revoke the key\&.
91 .RE
92 .SH "SEE ALSO"
93 .PP
94 \fBdnssec-keygen\fR(8),
95 BIND 9 Administrator Reference Manual,
96 RFC 5011\&.
97 .SH "AUTHOR"
98 .PP
99 \fBInternet Systems Consortium, Inc\&.\fR
100 .SH "COPYRIGHT"
101 .br
102 Copyright \(co 2009, 2011, 2014-2016, 2018, 2019 Internet Systems Consortium, Inc. ("ISC")
103 .br