Update repub branch u/fanf2/patch to rebasing branch u/fanf2/rebasing revision v9_13_...
[ipreg/bind9.git] / bin / dnssec / dnssec-revoke.docbook
1 <!--
2 - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3 -
4 - This Source Code Form is subject to the terms of the Mozilla Public
5 - License, v. 2.0. If a copy of the MPL was not distributed with this
6 - file, You can obtain one at http://mozilla.org/MPL/2.0/.
7 -
8 - See the COPYRIGHT file distributed with this work for additional
9 - information regarding copyright ownership.
10 -->
11
12 <!-- Converted by db4-upgrade version 1.0 -->
13 <refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.dnssec-revoke">
14 <info>
15 <date>2014-01-15</date>
16 </info>
17 <refentryinfo>
18 <corpname>ISC</corpname>
19 <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
20 </refentryinfo>
21
22 <refmeta>
23 <refentrytitle><application>dnssec-revoke</application></refentrytitle>
24 <manvolnum>8</manvolnum>
25 <refmiscinfo>BIND9</refmiscinfo>
26 </refmeta>
27
28 <refnamediv>
29 <refname><application>dnssec-revoke</application></refname>
30 <refpurpose>set the REVOKED bit on a DNSSEC key</refpurpose>
31 </refnamediv>
32
33 <docinfo>
34 <copyright>
35 <year>2009</year>
36 <year>2011</year>
37 <year>2014</year>
38 <year>2015</year>
39 <year>2016</year>
40 <year>2018</year>
41 <year>2019</year>
42 <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
43 </copyright>
44 </docinfo>
45
46 <refsynopsisdiv>
47 <cmdsynopsis sepchar=" ">
48 <command>dnssec-revoke</command>
49 <arg choice="opt" rep="norepeat"><option>-hr</option></arg>
50 <arg choice="opt" rep="norepeat"><option>-v <replaceable class="parameter">level</replaceable></option></arg>
51 <arg choice="opt" rep="norepeat"><option>-V</option></arg>
52 <arg choice="opt" rep="norepeat"><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
53 <arg choice="opt" rep="norepeat"><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
54 <arg choice="opt" rep="norepeat"><option>-f</option></arg>
55 <arg choice="opt" rep="norepeat"><option>-R</option></arg>
56 <arg choice="req" rep="norepeat">keyfile</arg>
57 </cmdsynopsis>
58 </refsynopsisdiv>
59
60 <refsection><info><title>DESCRIPTION</title></info>
61
62 <para><command>dnssec-revoke</command>
63 reads a DNSSEC key file, sets the REVOKED bit on the key as defined
64 in RFC 5011, and creates a new pair of key files containing the
65 now-revoked key.
66 </para>
67 </refsection>
68
69 <refsection><info><title>OPTIONS</title></info>
70
71
72 <variablelist>
73 <varlistentry>
74 <term>-h</term>
75 <listitem>
76 <para>
77 Emit usage message and exit.
78 </para>
79 </listitem>
80 </varlistentry>
81
82 <varlistentry>
83 <term>-K <replaceable class="parameter">directory</replaceable></term>
84 <listitem>
85 <para>
86 Sets the directory in which the key files are to reside.
87 </para>
88 </listitem>
89 </varlistentry>
90
91 <varlistentry>
92 <term>-r</term>
93 <listitem>
94 <para>
95 After writing the new keyset files remove the original keyset
96 files.
97 </para>
98 </listitem>
99 </varlistentry>
100
101 <varlistentry>
102 <term>-v <replaceable class="parameter">level</replaceable></term>
103 <listitem>
104 <para>
105 Sets the debugging level.
106 </para>
107 </listitem>
108 </varlistentry>
109
110 <varlistentry>
111 <term>-V</term>
112 <listitem>
113 <para>
114 Prints version information.
115 </para>
116 </listitem>
117 </varlistentry>
118
119 <varlistentry>
120 <term>-E <replaceable class="parameter">engine</replaceable></term>
121 <listitem>
122 <para>
123 Specifies the cryptographic hardware to use, when applicable.
124 </para>
125 <para>
126 When BIND is built with OpenSSL PKCS#11 support, this defaults
127 to the string "pkcs11", which identifies an OpenSSL engine
128 that can drive a cryptographic accelerator or hardware service
129 module. When BIND is built with native PKCS#11 cryptography
130 (--enable-native-pkcs11), it defaults to the path of the PKCS#11
131 provider library specified via "--with-pkcs11".
132 </para>
133 </listitem>
134 </varlistentry>
135
136 <varlistentry>
137 <term>-f</term>
138 <listitem>
139 <para>
140 Force overwrite: Causes <command>dnssec-revoke</command> to
141 write the new key pair even if a file already exists matching
142 the algorithm and key ID of the revoked key.
143 </para>
144 </listitem>
145 </varlistentry>
146
147 <varlistentry>
148 <term>-R</term>
149 <listitem>
150 <para>
151 Print the key tag of the key with the REVOKE bit set but do
152 not revoke the key.
153 </para>
154 </listitem>
155 </varlistentry>
156 </variablelist>
157 </refsection>
158
159 <refsection><info><title>SEE ALSO</title></info>
160
161 <para><citerefentry>
162 <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
163 </citerefentry>,
164 <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
165 <citetitle>RFC 5011</citetitle>.
166 </para>
167 </refsection>
168
169 </refentry>