ldns-keygen - generate a DNSSEC key pair
ldns-keygen is used to generate a private/public keypair. When run, it
will create 3 files: a .key file with the public DNSKEY, a .private file with
the private key data and a .ds file with the DS record of the DNSKEY record.
ldns-keygen can also be used to create symmetric keys (for TSIG) by
selecting the appropriate algorithm: hmac-md5.sig-alg.reg.int.
In that case no DS record will be created and no .ds file.
ldns-keygen prints the basename for the key files:
- -a <algorithm>
- Create a key with this algorithm. Specifying 'list' here gives a list of
supported algorithms. Several alias names are also accepted (from older
versions and other software); the list gives the names from the RFC. The
plain algorithm number is also accepted.
- -b <bits>
- Use this many bits for the key length.
- -k
- When given, generate a key signing key. This just sets the flag field to
257 instead of 256 in the DNSKEY RR in the .key file.
- -r device
- Make ldns-keygen seed the random generator from this file. The default
is /dev/random.
- -v
- Show the version and exit.
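An added example, not part of ldns or of this manual page: Python code that reads a DNSKEY line of the kind stored in the .key file, reports whether the flag field marks it as a key signing key (257) or not (256), and checks that a DS record matches that key before it is handed to the parent zone. The function names are hypothetical, and the sample records with their 4-byte key are constructed placeholders.

```python
import base64, hashlib, struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256}  # DS digest types (RFC 4034, RFC 4509)

def parse_dnskey(line):
    """Parse a one-line DNSKEY RR as stored in a .key file."""
    tok = line.split(";")[0].split()          # drop a trailing ';' comment
    i = tok.index("DNSKEY")                    # TTL/class before it are optional
    flags, proto, alg = (int(t) for t in tok[i + 1:i + 4])
    key = base64.b64decode("".join(tok[i + 4:]))
    return tok[0], struct.pack("!HBB", flags, proto, alg) + key

def role(rdata):
    """257 has the SEP bit (lowest bit) set: key signing key. 256: zone signing key."""
    return "KSK" if struct.unpack("!H", rdata[:2])[0] & 1 else "ZSK"

def key_tag(rdata):
    """RFC 4034 Appendix B checksum over the RDATA (not valid for algorithm 1)."""
    ac = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (ac + (ac >> 16)) & 0xFFFF

def name_wire(owner):
    """Canonical (lower-case) wire form of the owner name."""
    labels = [l for l in owner.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\0"

def make_ds(key_line, digest_type=2):
    """Build the DS record text: digest over owner name + DNSKEY RDATA."""
    owner, rdata = parse_dnskey(key_line)
    digest = DIGESTS[digest_type](name_wire(owner) + rdata).hexdigest()
    return f"{owner} IN DS {key_tag(rdata)} {rdata[3]} {digest_type} {digest}"

def ds_matches(key_line, ds_line):
    """True if ds_line is the DS record of the DNSKEY in key_line."""
    tok = ds_line.split(";")[0].split()
    i = tok.index("DS")
    tag, alg, dtype = (int(t) for t in tok[i + 1:i + 4])
    digest = "".join(tok[i + 4:]).lower()
    expect = make_ds(key_line, dtype).split()
    return [tag, alg, digest] == [int(expect[3]), int(expect[4]), expect[6]]

# Constructed sample input: the 4-byte "key" is a placeholder, not a real key.
ZSK = "example.com. IN DNSKEY 256 3 8 AQIDBA== ; constructed"
KSK = "example.com. IN DNSKEY 257 3 8 AQIDBA== ; constructed"

if __name__ == "__main__":
    for line in (ZSK, KSK):
        owner, rdata = parse_dnskey(line)
        print(role(rdata), key_tag(rdata), make_ds(line))
```

Because the flag field is part of the hashed RDATA, a DS record computed for the 256 form of a key does not validate the 257 form of the same key material.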
Written by the ldns team as an example for ldns usage.
Report bugs to <firstname.lastname@example.org>.
Copyright (C) 2005-2008 NLnet Labs. This is free software. There is NO warranty;
not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.