Replace some more DSA examples with ECDSAP256SHA256 1192/head
authorMatthijs Mekking <github@pletterpet.nl>
Thu, 6 Dec 2018 09:34:43 +0000 (10:34 +0100)
committerOndřej Surý <ondrej@sury.org>
Thu, 6 Dec 2018 13:47:05 +0000 (14:47 +0100)
(cherry picked from commit 5f27dc35df7651be8bfd24138c2ccd6fd28806af)

bin/dnssec/dnssec-keygen.docbook
bin/dnssec/dnssec-signzone.docbook

index d2e5a45..539b1f0 100644 (file)
   <refsection><info><title>EXAMPLE</title></info>
 
     <para>
-      To generate a 768-bit DSA key for the domain
+      To generate an ECDSAP256SHA256 key for the domain
       <userinput>example.com</userinput>, the following command would be
       issued:
     </para>
-    <para><userinput>dnssec-keygen -a DSA -b 768 -n ZONE example.com</userinput>
+    <para><userinput>dnssec-keygen -a ECDSAP256SHA256 -n ZONE example.com</userinput>
     </para>
     <para>
       The command would print a string of the form:
     </para>
-    <para><userinput>Kexample.com.+003+26160</userinput>
+    <para><userinput>Kexample.com.+013+26160</userinput>
     </para>
     <para>
       In this example, <command>dnssec-keygen</command> creates
-      the files <filename>Kexample.com.+003+26160.key</filename>
+      the files <filename>Kexample.com.+013+26160.key</filename>
       and
-      <filename>Kexample.com.+003+26160.private</filename>.
+      <filename>Kexample.com.+013+26160.private</filename>.
     </para>
   </refsection>
 
index facfccb..51e3111 100644 (file)
 
     <para>
       The following command signs the <userinput>example.com</userinput>
-      zone with the DSA key generated by <command>dnssec-keygen</command>
-      (Kexample.com.+003+17247).  Because the <command>-S</command> option
-      is not being used, the zone's keys must be in the master file
+      zone with the ECDSAP256SHA256 key generated by key generated by
+      <command>dnssec-keygen</command> (Kexample.com.+013+17247).
+      Because the <command>-S</command> option is not being used,
+      the zone's keys must be in the master file
       (<filename>db.example.com</filename>).  This invocation looks
       for <filename>dsset</filename> files, in the current directory,
       so that DS records can be imported from them (<command>-g</command>).
     </para>
 <programlisting>% dnssec-signzone -g -o example.com db.example.com \
-Kexample.com.+003+17247
+Kexample.com.+013+17247
 db.example.com.signed
 %</programlisting>
     <para>